From ee9af1d5d48cbf3c3841375295035c661a4d3a88 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 19 Oct 2022 11:53:08 -0700 Subject: [PATCH 001/108] Update to data center locations. --- .../windows-autopatch/references/windows-autopatch-privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index a1ada94b72..723aa9a96b 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -1,7 +1,7 @@ --- title: Privacy description: This article provides details about the data platform and privacy compliance for Autopatch -ms.date: 05/30/2022 +ms.date: 10/19/2022 ms.prod: w11 ms.technology: windows ms.topic: reference @@ -40,7 +40,7 @@ Processor duties of Windows Autopatch include ensuring appropriate confidentiali ## Windows Autopatch data storage and staff location -Windows Autopatch stores its data in the Azure data centers in the United States. +Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations). Personal data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep personal data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview). From 7f1f710a7427f363999f4c61566d3f67643c4a98 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Mon, 31 Oct 2022 14:39:17 -0700 Subject: [PATCH 002/108] Update windows-autopatch-privacy.md Updated data center info as per Harman. --- .../references/windows-autopatch-privacy.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index f98208171e..020de9be1a 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -42,7 +42,10 @@ Processor duties of Windows Autopatch include ensuring appropriate confidentiali Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations). -Personal data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep personal data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview). +> [!IMPORTANT] +> + +Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview). Windows Autopatch Service Engineering Team is in the United States, India and Romania. @@ -54,9 +57,9 @@ The enhanced diagnostic data setting includes more detailed information about th The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. The diagnostic level will change to **Optional**, but Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection). -Windows Autopatch only processes and stores system-level data from Windows 10 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' personal data such as chat and browser history, voice, text, or speech data. +Windows Autopatch only processes and stores system-level data from Windows 10 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' data such as chat and browser history, voice, text, or speech data. -For more information about the diagnostic data collection of Microsoft Windows 10, see the [Where we store and process personal data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement. +For more information about the diagnostic data collection of Microsoft Windows 10, see the [Where we store and process data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement. ## Tenant access @@ -107,11 +110,11 @@ Changes to the types of data gathered and where it's stored are considered a mat ## Data subject requests -Windows Autopatch follows General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) privacy regulations, which give data subjects specific rights to their personal data. +Windows Autopatch follows General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) privacy regulations, which give data subjects specific rights to their data. These rights include: -- Obtaining copies of personal data +- Obtaining copies of data - Requesting corrections to it - Restricting the processing of it - Deleting it @@ -123,7 +126,7 @@ To exercise data subject requests on data collected by the Windows Autopatch cas | Data subject requests | Description | | ------ | ------ | -| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of personal data related support requests by submitting a report request at the [admin center](https://aka.ms/memadmin).

Provide the following information: | +| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request at the [admin center](https://aka.ms/memadmin).

Provide the following information: | For DSRs from other products related to the service, see the following articles: From 8c2b1e1c8a693f148aa64fb9449439073112c66f Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Tue, 1 Nov 2022 10:57:23 -0400 Subject: [PATCH 003/108] Metadata update deployment/usmt --- .../getting-started-with-the-user-state-migration-tool.md | 7 ++++--- windows/deployment/usmt/migrate-application-settings.md | 8 ++++---- windows/deployment/usmt/migration-store-types-overview.md | 8 ++++---- windows/deployment/usmt/offline-migration-reference.md | 8 ++++---- .../deployment/usmt/understanding-migration-xml-files.md | 8 ++++---- windows/deployment/usmt/usmt-best-practices.md | 8 ++++---- .../deployment/usmt/usmt-choose-migration-store-type.md | 8 ++++---- windows/deployment/usmt/usmt-command-line-syntax.md | 8 ++++---- windows/deployment/usmt/usmt-common-issues.md | 8 ++++---- .../deployment/usmt/usmt-common-migration-scenarios.md | 8 ++++---- windows/deployment/usmt/usmt-configxml-file.md | 8 ++++---- windows/deployment/usmt/usmt-conflicts-and-precedence.md | 8 ++++---- windows/deployment/usmt/usmt-custom-xml-examples.md | 7 ++++--- windows/deployment/usmt/usmt-customize-xml-files.md | 8 ++++---- windows/deployment/usmt/usmt-determine-what-to-migrate.md | 8 ++++---- .../deployment/usmt/usmt-estimate-migration-store-size.md | 8 ++++---- .../deployment/usmt/usmt-exclude-files-and-settings.md | 8 ++++---- ...smt-extract-files-from-a-compressed-migration-store.md | 8 ++++---- windows/deployment/usmt/usmt-faq.yml | 8 ++++---- windows/deployment/usmt/usmt-general-conventions.md | 8 ++++---- windows/deployment/usmt/usmt-hard-link-migration-store.md | 8 ++++---- windows/deployment/usmt/usmt-how-it-works.md | 7 ++++--- windows/deployment/usmt/usmt-how-to.md | 8 ++++---- .../deployment/usmt/usmt-identify-application-settings.md | 8 ++++---- .../usmt/usmt-identify-file-types-files-and-folders.md | 8 ++++---- .../usmt/usmt-identify-operating-system-settings.md | 8 ++++---- windows/deployment/usmt/usmt-identify-users.md | 7 ++++--- .../deployment/usmt/usmt-include-files-and-settings.md | 8 ++++---- windows/deployment/usmt/usmt-loadstate-syntax.md | 8 ++++---- windows/deployment/usmt/usmt-log-files.md | 8 ++++---- .../usmt/usmt-migrate-efs-files-and-certificates.md | 8 ++++---- windows/deployment/usmt/usmt-migrate-user-accounts.md | 8 ++++---- .../deployment/usmt/usmt-migration-store-encryption.md | 8 ++++---- windows/deployment/usmt/usmt-overview.md | 8 ++++---- windows/deployment/usmt/usmt-plan-your-migration.md | 8 ++++---- .../usmt/usmt-recognized-environment-variables.md | 8 ++++---- windows/deployment/usmt/usmt-reference.md | 8 ++++---- windows/deployment/usmt/usmt-requirements.md | 8 ++++---- .../deployment/usmt/usmt-reroute-files-and-settings.md | 8 ++++---- windows/deployment/usmt/usmt-resources.md | 8 ++++---- windows/deployment/usmt/usmt-return-codes.md | 8 ++++---- windows/deployment/usmt/usmt-scanstate-syntax.md | 8 ++++---- windows/deployment/usmt/usmt-technical-reference.md | 8 ++++---- windows/deployment/usmt/usmt-test-your-migration.md | 8 ++++---- windows/deployment/usmt/usmt-topics.md | 8 ++++---- windows/deployment/usmt/usmt-troubleshooting.md | 8 ++++---- windows/deployment/usmt/usmt-utilities.md | 8 ++++---- windows/deployment/usmt/usmt-what-does-usmt-migrate.md | 8 ++++---- windows/deployment/usmt/usmt-xml-elements-library.md | 8 ++++---- windows/deployment/usmt/usmt-xml-reference.md | 8 ++++---- ...erify-the-condition-of-a-compressed-migration-store.md | 8 ++++---- windows/deployment/usmt/xml-file-requirements.md | 8 ++++---- 52 files changed, 208 insertions(+), 204 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 816ce09308..d7745fe0fc 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -2,12 +2,13 @@ title: User State Migration Tool (USMT) - Getting Started (Windows 10) description: Plan, collect, and prepare your source computer for migration using the User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 11/01/2022 --- # Getting Started with the User State Migration Tool (USMT) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 5814c465d8..bbacdc6fb6 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -2,11 +2,11 @@ title: Migrate Application Settings (Windows 10) description: Learn how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using MigApp.xml. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index aec69b1dd2..0ec0b23bd4 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -2,11 +2,11 @@ title: Migration Store Types Overview (Windows 10) description: Learn about the migration store types and how to determine which migration store type best suits your needs. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 4e6416a3c3..6547ae4e37 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -2,11 +2,11 @@ title: Offline Migration Reference (Windows 10) description: Offline migration enables the ScanState tool to run inside a different Windows OS than the Windows OS from which ScanState is gathering files and settings. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index a8500e179f..ea5ecf6cbc 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -2,11 +2,11 @@ title: Understanding Migration XML Files (Windows 10) description: Learn how to modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 20736f2108..8ad4d611f8 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -3,11 +3,11 @@ title: USMT Best Practices (Windows 10) description: This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. ms.custom: seo-marvel-apr2020 ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index fb9d196086..3331b56156 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -2,11 +2,11 @@ title: Choose a Migration Store Type (Windows 10) description: Learn how to choose a migration store type and estimate the amount of disk space needed for computers in your organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 4ee45cbdca..116f2b60db 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -2,11 +2,11 @@ title: User State Migration Tool (USMT) Command-line Syntax (Windows 10) description: Learn about the User State Migration Tool (USMT) command-line syntax for using the ScanState tool, LoadState tool, and UsmtUtils tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 32ab6268e2..7d68fa83f6 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -2,11 +2,11 @@ title: Common Issues (Windows 10) description: Learn about common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -ms.date: 09/19/2017 -author: aczechowski +ms.date: 11/01/2022 +author: frankroj ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index a7c5b2d143..21c48d70bc 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -2,11 +2,11 @@ title: Common Migration Scenarios (Windows 10) description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 55ce65391a..21fad15496 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -2,11 +2,11 @@ title: Config.xml File (Windows 10) description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index c14de7c5c9..a61b85e890 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -2,11 +2,11 @@ title: Conflicts and Precedence (Windows 10) description: In this article, learn how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 5531154de7..b1e1541da3 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -2,12 +2,13 @@ title: Custom XML Examples (Windows 10) description: Use custom XML examples to learn how to migrate an unsupported application, migrate files and registry keys, and migrate the My Videos folder. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 11/01/2022 --- # Custom XML Examples diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 9092cef4af..2a6d7781cc 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -2,11 +2,11 @@ title: Customize USMT XML Files (Windows 10) description: Learn how to customize USMT XML files. Also, learn about the migration XML files that are included with USMT. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 5f9cda4b77..571b2e6ed8 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -2,11 +2,11 @@ title: Determine What to Migrate (Windows 10) description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 28acdba266..fd4bdf87e0 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -2,11 +2,11 @@ title: Estimate Migration Store Size (Windows 10) description: Estimate the disk space requirement for a migration so that you can use User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 22b7169df1..8d74279363 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -2,11 +2,11 @@ title: Exclude Files and Settings (Windows 10) description: In this article, learn how to exclude files and settings when creating a custom .xml file and a config.xml file. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 7d5909b79a..a1df56c1b1 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -2,11 +2,11 @@ title: Extract Files from a Compressed USMT Migration Store (Windows 10) description: In this article, learn how to extract files from a compressed User State Migration Tool (USMT) migration store. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-faq.yml b/windows/deployment/usmt/usmt-faq.yml index 024d9e89be..2b20b25a26 100644 --- a/windows/deployment/usmt/usmt-faq.yml +++ b/windows/deployment/usmt/usmt-faq.yml @@ -4,14 +4,14 @@ metadata: description: 'Learn about frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.' ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b ms.reviewer: - author: aczechowski - ms.author: aaroncz - manager: dougeby + author: frankroj + ms.author: frankroj + manager: aaroncz ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library audience: itpro - ms.date: 04/19/2017 + ms.date: 11/01/2022 ms.topic: faq title: Frequently Asked Questions summary: | diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md index 6ccaaa68cf..77678c8365 100644 --- a/windows/deployment/usmt/usmt-general-conventions.md +++ b/windows/deployment/usmt/usmt-general-conventions.md @@ -2,11 +2,11 @@ title: General Conventions (Windows 10) description: Learn about general XML guidelines and how to use XML helper functions in the XML Elements library to change migration behavior. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 5b98c857bf..0d5378225b 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -2,11 +2,11 @@ title: Hard-Link Migration Store (Windows 10) description: Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index 37ea9bd0bc..27b2ee785c 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md @@ -2,12 +2,13 @@ title: How USMT Works (Windows 10) description: Learn how USMT works and how it includes two tools that migrate settings and data - ScanState and LoadState. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 11/01/2022 --- # How USMT Works diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index 673ccff26e..117159f522 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md @@ -2,11 +2,11 @@ title: User State Migration Tool (USMT) How-to topics (Windows 10) description: Reference the topics in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md index 586733f45e..e3c81ca9bd 100644 --- a/windows/deployment/usmt/usmt-identify-application-settings.md +++ b/windows/deployment/usmt/usmt-identify-application-settings.md @@ -2,11 +2,11 @@ title: Identify Applications Settings (Windows 10) description: Identify which applications and settings you want to migrate before using the User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md index 86e1f15aa7..155b67b822 100644 --- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md +++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md @@ -2,11 +2,11 @@ title: Identify File Types, Files, and Folders (Windows 10) description: Learn how to identify the file types, files, folders, and settings that you want to migrate when you're planning your migration. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index 71a553ad8f..c41480ca72 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md @@ -2,11 +2,11 @@ title: Identify Operating System Settings (Windows 10) description: Identify which system settings you want to migrate, then use the User State Migration Tool (USMT) to select settings and keep the default values for all others. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index 59be0df0d4..c25468f2ed 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md @@ -2,13 +2,14 @@ title: Identify Users (Windows 10) description: Learn how to identify users you plan to migrate, as well as how to migrate local accounts and domain accounts. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.localizationpriority: medium ms.technology: itpro-deploy +ms.date: 11/01/2022 --- # Identify Users diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index c6ef4174e5..371d380e66 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md @@ -2,11 +2,11 @@ title: Include Files and Settings (Windows 10) description: Specify the migration .xml files you want, then use the User State Migration Tool (USMT) 10.0 to migrate the settings and components specified. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index ebd2d4e5ed..829942814a 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -2,11 +2,11 @@ title: LoadState Syntax (Windows 10) description: Learn about the syntax and usage of the command-line options available when you use the LoadState command. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 86e3f5ec0b..57563d3932 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -2,11 +2,11 @@ title: Log Files (Windows 10) description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index f0a495a6f9..d69ef98d2d 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -2,11 +2,11 @@ title: Migrate EFS Files and Certificates (Windows 10) description: Learn how to migrate Encrypting File System (EFS) certificates. Also, learn where to find information about how to identify file types, files, and folders. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 206ef57db5..ad49e90fc3 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -2,11 +2,11 @@ title: Migrate User Accounts (Windows 10) description: Learn how to migrate user accounts and how to specify which users to include and exclude by using the User options on the command line. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index a5721b75b6..c0a58da681 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -2,11 +2,11 @@ title: Migration Store Encryption (Windows 10) description: Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index ddecca1043..3bb7d204bb 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md @@ -1,11 +1,11 @@ --- title: User State Migration Tool (USMT) Overview (Windows 10) description: Learn about using User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 10/16/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.collection: highpri ms.technology: itpro-deploy diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index d66afb281e..0a19f947c6 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -2,11 +2,11 @@ title: Plan Your Migration (Windows 10) description: Learn how to your plan your migration carefully so your migration can proceed smoothly and so that you reduce the risk of migration failure. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index bab5c90ed1..9f2b03a289 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -1,11 +1,11 @@ --- title: Recognized Environment Variables (Windows 10) description: Learn how to use environment variables to identify folders that may be different on different computers. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.collection: highpri ms.technology: itpro-deploy diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index f7a3cc1d14..06c1fbebbb 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md @@ -2,11 +2,11 @@ title: User State Migration Toolkit (USMT) Reference (Windows 10) description: Use this User State Migration Toolkit (USMT) article to learn details about USMT, like operating system, hardware, and software requirements, and user prerequisites. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index d0cc3d2e50..622a516b54 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -2,11 +2,11 @@ title: USMT Requirements (Windows 10) description: While the User State Migration Tool (USMT) doesn't have many requirements, these tips and tricks can help smooth the migration process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 05/03/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index c059c077b9..8be21ac8a0 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -2,11 +2,11 @@ title: Reroute Files and Settings (Windows 10) description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines to reroute files and settings. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index 4ce47e1590..0ad98d6c8b 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -2,11 +2,11 @@ title: USMT Resources (Windows 10) description: Learn about User State Migration Tool (USMT) online resources, including Microsoft Visual Studio and forums. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 551ed21158..4d2303e981 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -2,11 +2,11 @@ title: Return Codes (Windows 10) description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 88a99b7a43..7351df80a0 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -2,11 +2,11 @@ title: ScanState Syntax (Windows 10) description: The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index e28e3bc9ca..32b5295f93 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -2,11 +2,11 @@ title: User State Migration Tool (USMT) Technical Reference (Windows 10) description: The User State Migration Tool (USMT) provides a highly customizable user-profile migration experience for IT professionals. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index 6406cfc2c4..2d74f775c7 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -2,11 +2,11 @@ title: Test Your Migration (Windows 10) description: Learn about testing your migration plan in a controlled laboratory setting before you deploy it to your entire organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index e3a456a033..8ebf33ae94 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md @@ -2,11 +2,11 @@ title: User State Migration Tool (USMT) Overview Topics (Windows 10) description: Learn about User State Migration Tool (USMT) overview topics that describe USMT as a highly customizable user-profile migration experience for IT professionals. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md index e3b1162419..5ab5ccc7ae 100644 --- a/windows/deployment/usmt/usmt-troubleshooting.md +++ b/windows/deployment/usmt/usmt-troubleshooting.md @@ -2,11 +2,11 @@ title: User State Migration Tool (USMT) Troubleshooting (Windows 10) description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to assist in troubleshooting. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md index feac03f881..35d372e00b 100644 --- a/windows/deployment/usmt/usmt-utilities.md +++ b/windows/deployment/usmt/usmt-utilities.md @@ -2,11 +2,11 @@ title: UsmtUtils Syntax (Windows 10) description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 92b200dc38..7d9d0baa0d 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -2,11 +2,11 @@ title: What does USMT migrate (Windows 10) description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 09/12/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 5537ec22e6..ed1bc0aacd 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -2,11 +2,11 @@ title: XML Elements Library (Windows 10) description: Learn about the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index aed31c7e9a..5f1c504072 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -2,11 +2,11 @@ title: USMT XML Reference (Windows 10) description: Learn about working with and customizing the migration XML files using User State Migration Tool (USMT) XML Reference for Windows 10. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index cac669786b..413aa0bcaa 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -2,11 +2,11 @@ title: Verify the Condition of a Compressed Migration Store (Windows 10) description: Use these tips and tricks to verify the condition of a compressed migration store when using User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index b080e87c2b..4a5c136f31 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -2,11 +2,11 @@ title: XML File Requirements (Windows 10) description: Learn about the XML file requirements for creating custom .xml files, like the file must be in UTF-8 and have a unique migration URL ID. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- From 7db47bb3b01658528d34afdac3e14098e30160bf Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Tue, 1 Nov 2022 11:45:19 -0400 Subject: [PATCH 004/108] Metadata update deployment/usmt 2 --- ...rted-with-the-user-state-migration-tool.md | 49 +++++----- .../usmt/migrate-application-settings.md | 90 ++++++++----------- .../usmt/migration-store-types-overview.md | 39 +++----- 3 files changed, 73 insertions(+), 105 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index d7745fe0fc..36ebaa83a2 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -12,9 +12,9 @@ ms.date: 11/01/2022 --- # Getting Started with the User State Migration Tool (USMT) -This topic outlines the general process that you should follow to migrate files and settings. +This article outlines the general process that you should follow to migrate files and settings. -## In this topic +## In this article - [Step 1: Plan Your Migration](#step-1-plan-your-migration) - [Step 2: Collect files and settings from the source computer](#step-2-collect-files-and-settings-from-the-source-computer) @@ -22,64 +22,67 @@ This topic outlines the general process that you should follow to migrate files - [Step 3: Prepare the destination computer and restore files and settings](#step-3-prepare-the-destination-computer-and-restore-files-and-settings) ## Step 1: Plan your migration + 1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). 2. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. 3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). -4. Use the **/GenMigXML** command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information see [ScanState Syntax](usmt-scanstate-syntax.md) +4. Use the **/GenMigXML** command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) -5. Modify copies of the Migration.xml and MigDocs.xml files and create custom .xml files, if it is required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or **MigXmlHelper.GenerateDocPatterns** helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. +5. Modify copies of the Migration.xml and MigDocs.xml files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or **MigXmlHelper.GenerateDocPatterns** helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. + + > [!Important] + > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. - **Important**   - We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. - You can use the MigXML.xsd file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). 6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the **ScanState** command. For example, the following command creates a Config.xml file by using the MigDocs and MigApp.xml files: `scanstate /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scanstate.log` -7. Review the migration state of the components listed in the Config.xml file, and specify `migrate=no` for any components that you do not want to migrate. +7. Review the migration state of the components listed in the Config.xml file, and specify `migrate=no` for any components that you don't want to migrate. ## Step 2: Collect files and settings from the source computer + 1. Back up the source computer. 2. Close all applications. If some applications are running when you run the **ScanState** command, USMT might not migrate all of the specified data. For example, if Microsoft® Office Outlook® is open, USMT might not migrate PST files. - **Note**   - USMT will fail if it cannot migrate a file or setting unless you specify the **/C** option. When you specify the **/C** option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which should cause the migration to fail. + > [!Note] + > USMT will fail if it cannot migrate a file or setting unless you specify the **/C** option. When you specify the **/C** option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which should cause the migration to fail. 3. Run the **ScanState** command on the source computer to collect files and settings. You should specify all of the .xml files that you want the **ScanState** command to use. For example, `scanstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log` - **Note**   - If the source computer is running Windows 7, or Windows 8, you must run the **ScanState** command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then click **Run As Administrator**. If the source computer is running Windows XP, you must run the **ScanState** command from an account that has administrative credentials. For more information about the how the **ScanState** command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). + > [!Note] + > If the source computer is running Windows 7, or Windows 8, you must run the **ScanState** command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then click **Run As Administrator**. If the source computer is running Windows XP, you must run the **ScanState** command from an account that has administrative credentials. For more information about the how the **ScanState** command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). -4. Run the **USMTUtils** command with the **/Verify** option to ensure that the store you created is not corrupted. +4. Run the **USMTUtils** command with the **/Verify** option to ensure that the store you created isn't corrupted. ## Step 3: Prepare the destination computer and restore files and settings + 1. Install the operating system on the destination computer. -2. Install all applications that were on the source computer. Although it is not always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. +2. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. - **Note**   - The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft® Office, which USMT can migrate from an older version to a newer version. + > [!Note] + > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft® Office, which USMT can migrate from an older version to a newer version. -3. Close all applications. If some applications are running when you run the **LoadState** command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. +3. Close all applications. If some applications are running when you run the **LoadState** command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. - **Note**   - Use **/C** to continue your migration if errors are encountered, and use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which errors should cause the migration to fail. + > [!Note] + > Use **/C** to continue your migration if errors are encountered, and use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which errors should cause the migration to fail. -4. Run the **LoadState** command on the destination computer. Specify the same set of .xml files that you specified when you used the **ScanState** command. However, you do not have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file by using the **LoadState** command. Then, the **LoadState** command will migrate only the files and settings that you want to migrate. For more information about the how the **LoadState** command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). +4. Run the **LoadState** command on the destination computer. Specify the same set of .xml files that you specified when you used the **ScanState** command. However, you don't have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file by using the **LoadState** command. Then, the **LoadState** command will migrate only the files and settings that you want to migrate. For more information about how the **LoadState** command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). For example, the following command migrates the files and settings: `loadstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` - **Note**   - Run the **LoadState** command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. + > [!Note] + > Run the **LoadState** command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. -5. Log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screen saver settings) will not take effect until the next time that the user logs on. +5. Log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index bbacdc6fb6..34add68753 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -13,19 +13,17 @@ ms.technology: itpro-deploy # Migrate Application Settings +You can create a custom .xml file to migrate specific line-of-business application settings or to change the default migration behavior of the User State Migration Tool (USMT) 10.0. For ScanState and LoadState to use this file, you must specify the custom .xml file on both command lines. -You can create a custom .xml file to migrate specific line-of-business application settings or to change the default migration behavior of the User State Migration Tool (USMT) 10.0. For ScanState and LoadState to use this file, you must specify the custom .xml file on both command lines. +This article defines how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using MigApp.xml. You should migrate the settings after you install the application, but before the user runs the application for the first time. -This topic defines how to author a custom migration .xml file that migrates the settings of an application that is not migrated by default using MigApp.xml. You should migrate the settings after you install the application, but before the user runs the application for the first time. - -This topic does not contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also does not contain information about how to migrate the data that users create using the application. For example, if the application creates .doc files using a specific template, this topic does not discuss how to migrate the .doc files and templates themselves. - -## In this Topic +This article doesn't contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also doesn't contain information about how to migrate the data that users create using the application. For example, if the application creates .doc files using a specific template, this article doesn't discuss how to migrate the .doc files and templates themselves. +## In this article - [Before You Begin](#bkmk-beforebegin) -- [Step 1: Verify that the application is installed on the source computer, and that it is the same version as the version to be installed on the destination computer](#bkmk-step1). +- [Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer](#bkmk-step1). - [Step 2: Identify settings to collect and determine where each setting is stored on the computer](#bkmk-step2). @@ -37,30 +35,27 @@ This topic does not contain information about how to migrate applications that s ## Before You Begin +You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. -You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you are planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. +## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer. -## Step 1: Verify that the application is installed on the source computer, and that it is the same version as the version to be installed on the destination computer. +Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, you probably don't want USMT to spend time searching for the application's settings. More importantly, if USMT collects settings for an application that isn't installed, it may migrate settings that will cause the destination computer to function incorrectly. You should also investigate whether there's more than one version of the application because the new version may not store the settings in the same place. Mismatched application versions may lead to unexpected results on the destination computer. - -Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it is the correct version. If the application is not installed on the source computer, you probably do not want USMT to spend time searching for the application’s settings. More importantly, if USMT collects settings for an application that is not installed, it may migrate settings that will cause the destination computer to function incorrectly. You should also investigate whether there is more than one version of the application. This is because the new version may not store the settings in the same place, which may lead to unexpected results on the destination computer. - -There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It is important that you check for both of these items, because sometimes different versions of the same application share the same uninstall key. So even if the key is there, it may not correspond to the version of the application that you want. +There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It's important that you check for both of these items, because sometimes different versions of the same application share the same uninstall key. So even if the key is there, it may not correspond to the version of the application that you want. ### Check the registry for an application uninstall key. -When many applications are installed (especially those installed using the Microsoft® Windows® Installer technology), an application uninstall key is created under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall**. For example, when Adobe Acrobat Reader 7 is installed, it creates a key named **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall \\{AC76BA86-7AD7-1033-7B44-A70000000000}**. Therefore, if a computer contains this key, then Adobe Acrobat Reader 7 is installed on the computer. You can check for the existence of a registry key using the **DoesObjectExist** helper function. +When many applications are installed (especially those installed using the Microsoft® Windows® Installer technology), an application uninstall key is created under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall**. For example, when Adobe Acrobat Reader 7 is installed, it creates a key named **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall \\{AC76BA86-7AD7-1033-7B44-A70000000000}**. Therefore, if a computer contains this key, then Adobe Acrobat Reader 7 is installed on the computer. You can check for the existence of a registry key using the **DoesObjectExist** helper function. Usually, you can find this key by searching under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall** for the name of the application, the name of the application executable file, or for the name of the company that makes the application. You can use the Registry Editor (**Regedit.exe** located in the %**SystemRoot**%) to search the registry. ### Check the file system for the application executable file. -You should also check the application binaries for the executable that installed the application. To do this, you will first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you have determined the path to the application executable, you can use the **DoesFileVersionMatch** helper function to check for the correct version of the application executable. For an example of how to do this, see the Windows Live™ Messenger section of the MigApp.xml file. +You should also check the application binaries for the executable that installed the application. To check for application binaries, you'll first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you've determined the path to the application executable, you can use the **DoesFileVersionMatch** helper function to check for the correct version of the application executable. For an example of how to use the **DoesFileVersionMatch** helper function, see the Windows Live™ Messenger section of the MigApp.xml file. ## Step 2: Identify settings to collect and determine where each setting is stored on the computer. - -Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you do not want to migrate. To determine where each setting is stored, you will need to change each setting and monitor the activity on the registry and the file system. You do not need to migrate the binary files and registry settings that are made when the application is installed. This is because you will need to reinstall the application onto the destination computer. You only need to migrate those settings that are customizable. +Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you don't want to migrate. To determine where each setting is stored, you'll need to change each setting and monitor the activity on the registry and the file system. You don't need to migrate the binary files and registry settings that are made when the application is installed because you'll need to reinstall the application onto the destination computer. You only need to migrate those settings that are customizable. ### @@ -72,59 +67,49 @@ Next, you should go through the user interface and make a list of all of the ava 3. Filter the output of the tools so it only displays changes being made by the application. - **Note**   - Most applications store their settings under the user profile. That is, the settings stored in the file system are under the %**UserProfile**% directory, and the settings stored in the registry are under the **HKEY\_CURRENT\_USER** hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. + > [!Note] + > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the %**UserProfile**% directory, and the settings stored in the registry are under the **HKEY\_CURRENT\_USER** hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. - - -4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you are changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically will not take effect until you close the dialog box by clicking **OK**. +4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you're changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically won't take effect until you close the dialog box by clicking **OK**. 5. When the setting is changed, note the changes to the file system and registry. There may be more than one file or registry values for each setting. You should identify the minimal set of file and registry changes that are required to change this setting. This set of files and registry keys is what you will need to migrate in order to migrate the setting. - **Note**   - Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. - - + > [!Note] + > Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. ## Step 3: Identify how to apply the gathered settings. - -If the version of the application on the source computer is the same as the one on the destination computer, then you do not have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the C:\\Documents and Settings\\User1\\My Documents folder and the profile directory on the destination computer is located at D:\\Users\\User1, then USMT will automatically migrate the file to D:\\Users\\User1\\My Documents. However, you may need to modify the location of some settings in the following three cases: +If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the C:\\Documents and Settings\\User1\\My Documents folder and the profile directory on the destination computer is located at D:\\Users\\User1, then USMT will automatically migrate the file to D:\\Users\\User1\\My Documents. However, you may need to modify the location of some settings in the following three cases: ### Case 1: The version of the application on the destination computer is newer than the one on the source computer. -In this case, the newer version of the application may be able to read the settings from the source computer without modification. That is, the data collected from an older version of the application is sometimes compatible with the newer version of the application. However, you may need to modify the setting location if either of the following is true: +In this case, the newer version of the application may be able to read the settings from the source computer without modification. That is, the data collected from an older version of the application is sometimes compatible with the newer version of the application. However, you may need to modify the setting location if either of the following conditions is true: -- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. Some applications do this automatically after settings are migrated; however, other applications will only do this if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer does not contain this set of files and registry keys so the mapping does not occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. +- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. Some applications import settings automatically after settings are migrated. However, other applications will only do import settings if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer doesn't contain this set of files and registry keys so the mapping doesn't occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How To determine where each setting is stored](#bkmkdetermine). Once you know the set of files that the computer needs, you can use the <`addObjects`> element to add them to the destination computer. -- [The newer version of the application cannot read settings from the source computer and it is also unable to import the settings into the new format.](#bkmkdetermine) In this case, you will need to create a mapping for each setting from the old locations to the new locations. To do this, determine where the newer version stores each setting using the process described in How to determine where each setting is stored. After you have created the mapping, apply the settings to the new location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. +- [The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.](#bkmkdetermine) In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How To determine where each setting is stored](#bkmkdetermine). After you've created the mapping, apply the settings to the new location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. ### Case 2: The destination computer already contains settings for the application. -We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this because this ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the <`destinationCleanup`> element. If for any reason you want to preserve the settings that are on the destination computer, you can use the <`merge`> element and **DestinationPriority** helper function. +We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the <`destinationCleanup`> element. If for any reason you want to preserve the settings that are on the destination computer, you can use the <`merge`> element and **DestinationPriority** helper function. -### Case 3: The application overwrites settings when it is installed. +### Case 3: The application overwrites settings when it's installed. -We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this because this ensures that there are no settings on the destination computer when you migrate the settings. Also, when some applications are installed, they overwrite any existing settings that are on the computer. In this scenario, if you migrated the data before you installed the application, your customized settings would be overwritten. This is common for applications that store settings in locations that are outside of the user profile (typically these are settings that apply to all users). These universal settings are sometimes overwritten when an application is installed, and they are replaced by default values. To avoid this, you must install these applications before migrating the files and settings to the destination computer. By default with USMT, data from the source computer overwrites data that already exists in the same location on the destination computer. +We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. Also, when some applications are installed, they overwrite any existing settings that are on the computer. In this scenario, if you migrated the data before you installed the application, your customized settings would be overwritten. This scenario is common for applications that store settings in locations that are outside of the user profile (typically these settings are settings that apply to all users). These universal settings are sometimes overwritten when an application is installed, and they're replaced by default values. To avoid this problem, you must install these applications before migrating the files and settings to the destination computer. By default with USMT, data from the source computer overwrites data that already exists in the same location on the destination computer. ## Step 4: Create the migration XML component for the application +After you have completed steps 1 through 3, you'll need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the MigApp.xml file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. -After you have completed steps 1 through 3, you will need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the MigApp.xml file as a model because it contains examples of many of the concepts discussed in this topic. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. + > [!Note] + > We recommend that you create a separate .xml file instead of adding your script to the **MigApp.xml** file. This is because the **MigApp.xml** file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the **MigApp.xml** file will be overwritten by the default version of the file and you will lose your customized version. -**Note**   -We recommend that you create a separate .xml file instead of adding your script to the **MigApp.xml** file. This is because the **MigApp.xml** file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the **MigApp.xml** file will be overwritten by the default version of the file and you will lose your customized version. +> [!Important] +> Some applications store information in the user profile that should not be migrated (for example, application installation paths, the computer name, and so on). You should make sure to exclude these files and registry keys from the migration. - - -**Important**   -Some applications store information in the user profile that should not be migrated (for example, application installation paths, the computer name, and so on). You should make sure to exclude these files and registry keys from the migration. - - - -Your script should do the following: +Your script should do the following actions: 1. Check whether the application and correct version is installed by: @@ -136,7 +121,7 @@ Your script should do the following: - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the <`include`> and <`exclude`> elements. - - If the version of the application on the destination computer is newer than the one on the source computer, and the application cannot import the settings, your script should either 1) add the set of files that trigger the import using the <`addObjects`> element or 2) create a mapping that applies the old settings to the correct location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. + - If the version of the application on the destination computer is newer than the one on the source computer, and the application can't import the settings, your script should either 1) add the set of files that trigger the import using the <`addObjects`> element or 2) create a mapping that applies the old settings to the correct location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the <`destinationCleanup`> element. @@ -144,13 +129,11 @@ For information about the .xml elements and helper functions, see [XML Elements ## Step 5: Test the application settings migration +On a test computer, install the operating system that will be installed on the destination computers. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. -On a test computer, install the operating system that will be installed on the destination computers. For example, if you are planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. - -To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you are testing. To specify only User1 in the migration, type: **/ue:\*\\\* /ui:user1**. For more information, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md) and User options in the [ScanState Syntax](usmt-scanstate-syntax.md) topic. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. - -## Related topics +To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only User1 in the migration, type: **/ue:\*\\\* /ui:user1**. For more information, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md) and User options in the [ScanState Syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. +## Related articles [USMT XML Reference](usmt-xml-reference.md) @@ -158,7 +141,4 @@ To speed up the time it takes to collect and migrate the data, you can migrate o [XML Elements Library](usmt-xml-elements-library.md) -[Log Files](usmt-log-files.md) - - - +[Log Files](usmt-log-files.md) \ No newline at end of file diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 0ec0b23bd4..24786bf4c6 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -13,11 +13,9 @@ ms.technology: itpro-deploy # Migration Store Types Overview +When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you're using a local share, network share, or storage device. -When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you are using a local share, network share, or storage device. - -## In This Topic - +## In this article [Migration Store Types](#bkmk-types) @@ -27,22 +25,21 @@ When planning your migration, you should determine which migration store type be ## Migration Store Types - This section describes the three migration store types available in USMT. ### Uncompressed (UNC) -The uncompressed (UNC) migration store is an uncompressed directory with a mirror image of the folder hierarchy being migrated. Each directory and file retains the same access permissions that it has on the local file system. You can use Windows Explorer to view this migration store type. Settings are stored in a catalog file that also describes how to restore files on the destination computer. +The uncompressed (UNC) migration store is an uncompressed directory with a mirror image of the folder hierarchy being migrated. Each directory and file retains the same access permissions that it has on the local file system. You can use Windows Explorer to view this migration store type. Settings are stored in a catalog file that also describes how to restore files on the destination computer. ### Compressed -The compressed migration store is a single image file that contains all files being migrated and a catalog file. This image file is often encrypted and protected with a password, and cannot be navigated with Windows Explorer. +The compressed migration store is a single image file that contains all files being migrated and a catalog file. This image file is often encrypted and protected with a password, and can't be navigated with Windows Explorer. ### Hard-Link -A hard-link migration store functions as a map that defines how a collection of bits on the hard disk are “wired” into the file system. You use the new USMT hard-link migration store in the PC Refresh scenario only. This is because the hard-link migration store is maintained on the local computer while the old operating system is removed and the new operating system is installed. Using a hard-link migration store saves network bandwidth and minimizes the server use needed to accomplish the migration. +A hard-link migration store functions as a map that defines how a collection of bits on the hard disk are "wired" into the file system. You use the new USMT hard-link migration store in the PC Refresh scenario only. You only use hard-link migration stores in Refresh scenarios because the hard-link migration store is maintained on the local computer while the old operating system is removed and the new operating system is installed. Using a hard-link migration store saves network bandwidth and minimizes the server use needed to accomplish the migration. -You use a command-line option,**/hardlink** , to create a hard-link migration store, which functions the same as an uncompressed migration store. Files are not duplicated on the local computer when user state is captured, nor are they duplicated when user state is restored. For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). +You use a command-line option,**/hardlink** , to create a hard-link migration store, which functions the same as an uncompressed migration store. Files aren't duplicated on the local computer when user state is captured, nor are they duplicated when user state is restored. For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). The following flowchart illustrates the procedural differences between a local migration store and a remote migration store. In this example, a hard-link migration store is used for the local store. @@ -51,29 +48,17 @@ The following flowchart illustrates the procedural differences between a local m ## Local Store vs. Remote Store -If you have enough space and you are migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you are using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It is also good practice to ensure that the migration is the only task the server is performing. +If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. -If there is not enough local disk space, or if you are moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share C:\\store on the destination computer. Then run the ScanState command on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store. Then, run the **LoadState** command on the destination computer and specify **C:\\Store** as the store location. By doing this, you do not need to save the files to a server. +If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share C:\\store on the destination computer. Then run the ScanState command on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store. Then, run the **LoadState** command on the destination computer and specify **C:\\Store** as the store location. By doing this process, you don't need to save the files to a server. -**Important**   -If possible, have users store their data within their %UserProfile%\\My Documents and %UserProfile%\\Application Data folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. - - +> [!Important] +> If possible, have users store their data within their %UserProfile%\\My Documents and %UserProfile%\\Application Data folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. ### The /localonly Command-Line Option You should use this option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify **/LocalOnly**, see [ScanState Syntax](usmt-scanstate-syntax.md). -## Related topics - - -[Plan Your Migration](usmt-plan-your-migration.md) - - - - - - - - +## Related articles +[Plan Your Migration](usmt-plan-your-migration.md) \ No newline at end of file From d602eaecfb329ed650e27f127351becfbd0cb3cc Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Tue, 1 Nov 2022 11:54:10 -0400 Subject: [PATCH 005/108] Metadata update deployment/usmt 3 --- .../usmt/getting-started-with-the-user-state-migration-tool.md | 3 ++- windows/deployment/usmt/migrate-application-settings.md | 2 +- windows/deployment/usmt/migration-store-types-overview.md | 3 +-- windows/deployment/usmt/offline-migration-reference.md | 2 +- windows/deployment/usmt/understanding-migration-xml-files.md | 2 +- windows/deployment/usmt/usmt-common-issues.md | 2 +- windows/deployment/usmt/usmt-common-migration-scenarios.md | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 36ebaa83a2..b651150437 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -14,7 +14,8 @@ ms.date: 11/01/2022 # Getting Started with the User State Migration Tool (USMT) This article outlines the general process that you should follow to migrate files and settings. -## In this article +## In this topic + - [Step 1: Plan Your Migration](#step-1-plan-your-migration) - [Step 2: Collect files and settings from the source computer](#step-2-collect-files-and-settings-from-the-source-computer) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 34add68753..901b8492dd 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -19,7 +19,7 @@ This article defines how to author a custom migration .xml file that migrates th This article doesn't contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also doesn't contain information about how to migrate the data that users create using the application. For example, if the application creates .doc files using a specific template, this article doesn't discuss how to migrate the .doc files and templates themselves. -## In this article +## In this topic - [Before You Begin](#bkmk-beforebegin) diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 24786bf4c6..c325842a0a 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -15,7 +15,7 @@ ms.technology: itpro-deploy When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you're using a local share, network share, or storage device. -## In this article +## In this topic [Migration Store Types](#bkmk-types) @@ -47,7 +47,6 @@ The following flowchart illustrates the procedural differences between a local m ## Local Store vs. Remote Store - If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share C:\\store on the destination computer. Then run the ScanState command on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store. Then, run the **LoadState** command on the destination computer and specify **C:\\Store** as the store location. By doing this process, you don't need to save the files to a server. diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 6547ae4e37..da74e771c4 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -27,7 +27,7 @@ When you use User State Migration Tool (USMT) 10.0 to gather and restore user s - **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. -## In This topic +## In this topic - [What Will Migrate Offline?](#bkmk-whatwillmigrate) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index ea5ecf6cbc..d94ad7300b 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -17,7 +17,7 @@ You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 mig This topic provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file. The MigDocs.xml file uses the new **GenerateDocPatterns** function available in USMT to automatically find user documents on a source computer. -## In This topic +## In this topic [Overview of the Config.xml file](#bkmk-config) diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 7d68fa83f6..556391a040 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -16,7 +16,7 @@ ms.technology: itpro-deploy The following sections discuss common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. USMT produces log files that describe in further detail any errors that occurred during the migration process. These logs can be used to troubleshoot migration failures. -## In This Topic +## In this topic [User Account Problems](#user) diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index 21c48d70bc..a64d459198 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -18,7 +18,7 @@ You use the User State Migration Tool (USMT) 10.0 when hardware and/or operatin One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. -## In this topic +**In this article:** [PC Refresh](#bkmk-pcrefresh) From 6efaa1d8066259152cce2eee79fa8115ed55e7a3 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Tue, 1 Nov 2022 21:09:40 -0400 Subject: [PATCH 006/108] Metadata update deployment/usmt 4 --- ...rted-with-the-user-state-migration-tool.md | 36 ++-- .../usmt/migrate-application-settings.md | 48 +++-- .../usmt/migration-store-types-overview.md | 8 +- .../usmt/offline-migration-reference.md | 56 +++--- .../usmt/understanding-migration-xml-files.md | 84 +++++---- .../deployment/usmt/usmt-best-practices.md | 76 ++++---- .../usmt/usmt-choose-migration-store-type.md | 8 +- .../usmt/usmt-command-line-syntax.md | 2 +- windows/deployment/usmt/usmt-common-issues.md | 174 ++++++++---------- .../usmt/usmt-common-migration-scenarios.md | 89 ++++----- .../deployment/usmt/usmt-configxml-file.md | 90 ++++----- .../usmt/usmt-conflicts-and-precedence.md | 68 +++---- .../usmt/usmt-custom-xml-examples.md | 37 +++- .../usmt/usmt-customize-xml-files.md | 84 ++++----- .../usmt/usmt-determine-what-to-migrate.md | 16 +- 15 files changed, 430 insertions(+), 446 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index b651150437..21d4d8c1a0 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -30,38 +30,38 @@ This article outlines the general process that you should follow to migrate file 3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). -4. Use the **/GenMigXML** command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) +4. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) -5. Modify copies of the Migration.xml and MigDocs.xml files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or **MigXmlHelper.GenerateDocPatterns** helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. +5. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. > [!Important] > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. - You can use the MigXML.xsd file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). + You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). -6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the **ScanState** command. For example, the following command creates a Config.xml file by using the MigDocs and MigApp.xml files: +6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: - `scanstate /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scanstate.log` + `scanstate.exe /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scanstate.log` -7. Review the migration state of the components listed in the Config.xml file, and specify `migrate=no` for any components that you don't want to migrate. +7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate. ## Step 2: Collect files and settings from the source computer 1. Back up the source computer. -2. Close all applications. If some applications are running when you run the **ScanState** command, USMT might not migrate all of the specified data. For example, if Microsoft® Office Outlook® is open, USMT might not migrate PST files. +2. Close all applications. If some applications are running when you run the `Scanstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft® Office Outlook® is open, USMT might not migrate PST files. > [!Note] - > USMT will fail if it cannot migrate a file or setting unless you specify the **/C** option. When you specify the **/C** option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which should cause the migration to fail. + > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. -3. Run the **ScanState** command on the source computer to collect files and settings. You should specify all of the .xml files that you want the **ScanState** command to use. For example, +3. Run the `Scanstate.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `Scanstate.exe` command to use. For example, - `scanstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log` + `scanstate.exe \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log` > [!Note] - > If the source computer is running Windows 7, or Windows 8, you must run the **ScanState** command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then click **Run As Administrator**. If the source computer is running Windows XP, you must run the **ScanState** command from an account that has administrative credentials. For more information about the how the **ScanState** command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). + > If the source computer is running Windows 7, or Windows 8, you must run the `Scanstate.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `Scanstate.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). -4. Run the **USMTUtils** command with the **/Verify** option to ensure that the store you created isn't corrupted. +4. Run the `USMTUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. ## Step 3: Prepare the destination computer and restore files and settings @@ -72,18 +72,18 @@ This article outlines the general process that you should follow to migrate file > [!Note] > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft® Office, which USMT can migrate from an older version to a newer version. -3. Close all applications. If some applications are running when you run the **LoadState** command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. +3. Close all applications. If some applications are running when you run the `Loadstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. > [!Note] - > Use **/C** to continue your migration if errors are encountered, and use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which errors should cause the migration to fail. + > Use `/C` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. -4. Run the **LoadState** command on the destination computer. Specify the same set of .xml files that you specified when you used the **ScanState** command. However, you don't have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file by using the **LoadState** command. Then, the **LoadState** command will migrate only the files and settings that you want to migrate. For more information about how the **LoadState** command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). +4. Run the `Loadstate.exe` command on the destination computer. Specify the same set of .xml files that you specified when you used the `Scanstate.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `Loadstate.exe` command. Then, the `Loadstate.exe` command will migrate only the files and settings that you want to migrate. For more information about how the `Loadstate.exe` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). For example, the following command migrates the files and settings: - `loadstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` + `loadstate.exe \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` > [!Note] - > Run the **LoadState** command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. + > Run the `Loadstate.exe` command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. -5. Log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. +5. Sign out after you run the `Loadstate.exe` command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 901b8492dd..96de07fa10 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -15,7 +15,7 @@ ms.technology: itpro-deploy You can create a custom .xml file to migrate specific line-of-business application settings or to change the default migration behavior of the User State Migration Tool (USMT) 10.0. For ScanState and LoadState to use this file, you must specify the custom .xml file on both command lines. -This article defines how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using MigApp.xml. You should migrate the settings after you install the application, but before the user runs the application for the first time. +This article defines how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using `MigApp.xml`. You should migrate the settings after you install the application, but before the user runs the application for the first time. This article doesn't contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also doesn't contain information about how to migrate the data that users create using the application. For example, if the application creates .doc files using a specific template, this article doesn't discuss how to migrate the .doc files and templates themselves. @@ -45,13 +45,25 @@ There are many ways to detect if an application is installed. The best practice ### Check the registry for an application uninstall key. -When many applications are installed (especially those installed using the Microsoft® Windows® Installer technology), an application uninstall key is created under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall**. For example, when Adobe Acrobat Reader 7 is installed, it creates a key named **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall \\{AC76BA86-7AD7-1033-7B44-A70000000000}**. Therefore, if a computer contains this key, then Adobe Acrobat Reader 7 is installed on the computer. You can check for the existence of a registry key using the **DoesObjectExist** helper function. +When many applications are installed (especially those installed using the Microsoft® Windows® Installer technology), an application uninstall key is created under: -Usually, you can find this key by searching under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall** for the name of the application, the name of the application executable file, or for the name of the company that makes the application. You can use the Registry Editor (**Regedit.exe** located in the %**SystemRoot**%) to search the registry. +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` + +For example, when Adobe Acrobat Reader 7 is installed, it creates a key named: + +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall \{AC76BA86-7AD7-1033-7B44-A70000000000}` + +Therefore, if a computer contains this key, then Adobe Acrobat Reader 7 is installed on the computer. You can check for the existence of a registry key using the `DoesObjectExist` helper function. + +Usually, you can find this key by searching under + +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` + +for the name of the application, the name of the application executable file, or for the name of the company that makes the application. You can use the Registry Editor, `Regedit.exe` located in the `%SystemRoot%`, to search the registry. ### Check the file system for the application executable file. -You should also check the application binaries for the executable that installed the application. To check for application binaries, you'll first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you've determined the path to the application executable, you can use the **DoesFileVersionMatch** helper function to check for the correct version of the application executable. For an example of how to use the **DoesFileVersionMatch** helper function, see the Windows Live™ Messenger section of the MigApp.xml file. +You should also check the application binaries for the executable that installed the application. To check for application binaries, you'll first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you've determined the path to the application executable, you can use the `DoesFileVersionMatch` helper function to check for the correct version of the application executable. For an example of how to use the `DoesFileVersionMatch` helper function, see the Windows Live™ Messenger section of the `MigApp.xml` file. ## Step 2: Identify settings to collect and determine where each setting is stored on the computer. @@ -68,7 +80,7 @@ Next, you should go through the user interface and make a list of all of the ava 3. Filter the output of the tools so it only displays changes being made by the application. > [!Note] - > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the %**UserProfile**% directory, and the settings stored in the registry are under the **HKEY\_CURRENT\_USER** hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. + > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the `%UserProfile%` directory, and the settings stored in the registry are under the `HKEY_CURRENT_USER` hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. 4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you're changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically won't take effect until you close the dialog box by clicking **OK**. @@ -79,7 +91,7 @@ Next, you should go through the user interface and make a list of all of the ava ## Step 3: Identify how to apply the gathered settings. -If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the C:\\Documents and Settings\\User1\\My Documents folder and the profile directory on the destination computer is located at D:\\Users\\User1, then USMT will automatically migrate the file to D:\\Users\\User1\\My Documents. However, you may need to modify the location of some settings in the following three cases: +If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the `C:\Documents and Settings\User1\My Documents` folder and the profile directory on the destination computer is located at `D:\Users\User1`, then USMT will automatically migrate the file to `D:\Users\User1\My Documents`. However, you may need to modify the location of some settings in the following three cases: ### Case 1: The version of the application on the destination computer is newer than the one on the source computer. @@ -87,13 +99,13 @@ In this case, the newer version of the application may be able to read the setti - **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. Some applications import settings automatically after settings are migrated. However, other applications will only do import settings if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer doesn't contain this set of files and registry keys so the mapping doesn't occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. - To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How To determine where each setting is stored](#bkmkdetermine). Once you know the set of files that the computer needs, you can use the <`addObjects`> element to add them to the destination computer. + To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How To determine where each setting is stored](#bkmkdetermine). Once you know the set of files that the computer needs, you can use the **<addObjects>** element to add them to the destination computer. -- [The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.](#bkmkdetermine) In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How To determine where each setting is stored](#bkmkdetermine). After you've created the mapping, apply the settings to the new location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. +- [The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.](#bkmkdetermine) In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How To determine where each setting is stored](#bkmkdetermine). After you've created the mapping, apply the settings to the new location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. ### Case 2: The destination computer already contains settings for the application. -We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the <`destinationCleanup`> element. If for any reason you want to preserve the settings that are on the destination computer, you can use the <`merge`> element and **DestinationPriority** helper function. +We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the **<destinationCleanup>** element. If for any reason you want to preserve the settings that are on the destination computer, you can use the **<merge>** element and `DestinationPriority` helper function. ### Case 3: The application overwrites settings when it's installed. @@ -101,10 +113,10 @@ We recommend that you migrate the settings after you install the application, bu ## Step 4: Create the migration XML component for the application -After you have completed steps 1 through 3, you'll need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the MigApp.xml file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. +After you have completed steps 1 through 3, you'll need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the `MigApp.xml` file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. > [!Note] - > We recommend that you create a separate .xml file instead of adding your script to the **MigApp.xml** file. This is because the **MigApp.xml** file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the **MigApp.xml** file will be overwritten by the default version of the file and you will lose your customized version. + > We recommend that you create a separate .xml file instead of adding your script to the `MigApp.xml` file. This is because the `MigApp.xml` file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the `MigApp.xml` file will be overwritten by the default version of the file and you will lose your customized version. > [!Important] > Some applications store information in the user profile that should not be migrated (for example, application installation paths, the computer name, and so on). You should make sure to exclude these files and registry keys from the migration. @@ -113,17 +125,19 @@ Your script should do the following actions: 1. Check whether the application and correct version is installed by: - - Searching for the installation uninstall key under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall** using the **DoesObjectExist** helper function. + - Searching for the installation uninstall key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` using the `DoesObjectExist` helper function. - - Checking for the correct version of the application executable file using the **DoesFileVersionMatch** helper function. + - Checking for the correct version of the application executable file using the `DoesFileVersionMatch` helper function. 2. If the correct version of the application is installed, then ensure that each setting is migrated to the appropriate location on the destination computer. - - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the <`include`> and <`exclude`> elements. + - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the **<include>** and **<exclude>** elements. - - If the version of the application on the destination computer is newer than the one on the source computer, and the application can't import the settings, your script should either 1) add the set of files that trigger the import using the <`addObjects`> element or 2) create a mapping that applies the old settings to the correct location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. + - If the version of the application on the destination computer is newer than the one on the source computer, and the application can't import the settings, your script should either: + 1. Add the set of files that trigger the import using the **<addObjects>** element + 2. Create a mapping that applies the old settings to the correct location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. - - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the <`destinationCleanup`> element. + - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the **<destinationCleanup>** element. For information about the .xml elements and helper functions, see [XML Elements Library](usmt-xml-elements-library.md). @@ -131,7 +145,7 @@ For information about the .xml elements and helper functions, see [XML Elements On a test computer, install the operating system that will be installed on the destination computers. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. -To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only User1 in the migration, type: **/ue:\*\\\* /ui:user1**. For more information, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md) and User options in the [ScanState Syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. +To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only User1 in the migration, type: `/ue:*\* /ui:user1`. For more information, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md) and User options in the [ScanState Syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. ## Related articles diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index c325842a0a..408d785e78 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -39,7 +39,7 @@ The compressed migration store is a single image file that contains all files be A hard-link migration store functions as a map that defines how a collection of bits on the hard disk are "wired" into the file system. You use the new USMT hard-link migration store in the PC Refresh scenario only. You only use hard-link migration stores in Refresh scenarios because the hard-link migration store is maintained on the local computer while the old operating system is removed and the new operating system is installed. Using a hard-link migration store saves network bandwidth and minimizes the server use needed to accomplish the migration. -You use a command-line option,**/hardlink** , to create a hard-link migration store, which functions the same as an uncompressed migration store. Files aren't duplicated on the local computer when user state is captured, nor are they duplicated when user state is restored. For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). +You use the command-line option `/hardlink` to create a hard-link migration store, which functions the same as an uncompressed migration store. Files aren't duplicated on the local computer when user state is captured, nor are they duplicated when user state is restored. For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). The following flowchart illustrates the procedural differences between a local migration store and a remote migration store. In this example, a hard-link migration store is used for the local store. @@ -49,14 +49,14 @@ The following flowchart illustrates the procedural differences between a local m If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. -If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share C:\\store on the destination computer. Then run the ScanState command on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store. Then, run the **LoadState** command on the destination computer and specify **C:\\Store** as the store location. By doing this process, you don't need to save the files to a server. +If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share `C:\store` on the destination computer. Then run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store`. Then, run the `Loadstate.exe` command on the destination computer and specify `C:\Store` as the store location. By doing this process, you don't need to save the files to a server. > [!Important] -> If possible, have users store their data within their %UserProfile%\\My Documents and %UserProfile%\\Application Data folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. +> If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. ### The /localonly Command-Line Option -You should use this option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify **/LocalOnly**, see [ScanState Syntax](usmt-scanstate-syntax.md). +You should use this option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify `/LocalOnly`, see [ScanState Syntax](usmt-scanstate-syntax.md). ## Related articles diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index da74e771c4..e0ec4d4ad1 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -15,15 +15,15 @@ ms.technology: itpro-deploy Offline migration enables the ScanState tool to run inside a different Windows® operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: -- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. +- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. -- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. +- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. -When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: +When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: - **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. -- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. This may increase performance on older machines with limited hardware resources and numerous installed software applications. +- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. Running USMT in WinPE may increase performance on older machines with limited hardware resources and numerous installed software applications. - **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. @@ -65,15 +65,15 @@ The following table defines the supported combination of online and offline oper |Running Operating System|Offline Operating System| |--- |--- | -|WinPE 5.0 or greater, with the MSXML library|Windows Vista, Windows 7, Windows 8, Windows 10| -|Windows 7, Windows 8, Windows 10|Windows.old directory| +|WinPE 5.0 or greater, with the MSXML library|Windows 7, Windows 8, Windows 10| +|Windows 7, Windows 8, Windows 10|Windows.old directory| -**Note**   -It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). +> [!Note] +> It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). ## User-Group Membership and Profile Control -User-group membership is not preserved during offline migrations. You must configure a **<ProfileControl>** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: +User-group membership isn't preserved during offline migrations. You must configure a **<ProfileControl>** section in the `Config.xml` file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: ``` xml @@ -91,7 +91,7 @@ User-group membership is not preserved during offline migrations. You must confi ``` -For information about the format of a Config.xml file, see [Config.xml File](usmt-configxml-file.md). +For information about the format of a `Config.xml` file, see [Config.xml File](usmt-configxml-file.md). ## Command-Line Options @@ -100,10 +100,10 @@ An offline migration can either be enabled by using a configuration file on the |Component|Option|Description| |--- |--- |--- | |ScanState.exe|**/offline:***<path to offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| -|ScanState.exe|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It is only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| -|ScanState.exe|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| +|ScanState.exe|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It's only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| +|ScanState.exe|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| -You can use only one of the **/offline**, **/offlineWinDir**, or **/OfflineWinOld** command-line options at a time; USMT does not support using more than one together. +You can use only one of the `/offline`, `/offlineWinDir`, or `/OfflineWinOld` command-line options at a time. USMT doesn't support using more than one together. ## Environment Variables @@ -111,50 +111,54 @@ The following system environment variables are necessary in the scenarios outlin |Variable|Value|Scenario| |--- |--- |--- | -|USMT_WORKING_DIR|Full path to a working directory|Required when USMT binaries are located on read-only media, which does not support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following: 
Set USMT_WORKING_DIR=[path to working directory]
| -|MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system does not match the WinPE and Scanstate.exe architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. This is required when auto-detection of the offline architecture doesn't function properly, for example, when the source system is running a 64-bit version of Windows XP. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| +|USMT_WORKING_DIR|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command: 
Set USMT_WORKING_DIR=[path to working directory]
| +|MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `Scanstate.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| ## Offline.xml Elements -Use an offline.xml file when running the ScanState tool on a computer that has multiple Windows directories. The offline.xml file specifies which directories to scan for windows files. An offline.xml file can be used with the /offline option as an alternative to specifying a single Windows directory path with the /offlineDir option. +Use an `offline.xml` file when running the ScanState tool on a computer that has multiple Windows directories. The `offline.xml` file specifies which directories to scan for windows files. An `offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option. ### <offline> This element contains other elements that define how an offline migration is to be performed. -Syntax: <offline> </offline> +Syntax: `` `` ### <winDir> This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration will be performed from the first element of **<winDir>** that contains a valid Windows system volume. -Syntax: < winDir > </ winDir > +Syntax: `` `` ### <path> This element is a required child of **<winDir>** and contains a file path pointing to a valid Windows directory. Relative paths are interpreted from the ScanState tool's working directory. -Syntax: <path> c:\\windows </path> +Syntax: ` C:\Windows ` -or- -Syntax, when used with the **<mappings>** element: <path> C:\\, D:\\ </path> +Syntax, when used with the **<mappings>** element: ` C:\, D:\ ` ### <mappings> This element is an optional child of **<offline>**. When specified, the **<mappings>** element will override the automatically detected WinPE drive mappings. Each child **<path>** element will provide a mapping from one system volume to another. Additionally, mappings between folders can be provided, since an entire volume can be mounted to a specific folder. -Syntax: <mappings> </mappings> +Syntax: `` `` ### <failOnMultipleWinDir> -This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn't present, the default behavior is that the migration does not fail. +This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn't present, the default behavior is that the migration doesn't fail. -Syntax: <failOnMultipleWinDir>1</failOnMultipleWinDir> or Syntax: <failOnMultipleWinDir>0</failOnMultipleWinDir> +Syntax: `1` + +-or- + +Syntax: `0` ### Offline .xml Example -The following XML example illustrates some of the elements discussed earlier in this topic. +The following XML example illustrates some of the elements discussed earlier in this article. ``` xml @@ -167,6 +171,6 @@ The following XML example illustrates some of the elements discussed earlier in ``` -## Related topics +## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan Your Migration](usmt-plan-your-migration.md) \ No newline at end of file diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index d94ad7300b..9d0c7dd33b 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -13,9 +13,9 @@ ms.technology: itpro-deploy # Understanding Migration XML Files -You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the MigDocs.xml and MigUser.xml files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a Config.xml file to further customize your migration. +You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the `MigDocs.xml` and `MigUser.xml` files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a `Config.xml` file to further customize your migration. -This topic provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file. The MigDocs.xml file uses the new **GenerateDocPatterns** function available in USMT to automatically find user documents on a source computer. +This article provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the `MigDocs.xml` file. The `MigDocs.xml` file uses the new `GenerateDocPatterns` function available in USMT to automatically find user documents on a source computer. ## In this topic @@ -45,23 +45,27 @@ This topic provides an overview of the default and custom migration XML files an ## Overview of the Config.xml file -The Config.xml file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The Config.xml file can be used with other XML files, such as in the following example: `scanstate /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\config.xml`. When used this way, the Config.xml file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the Config.xml file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). +The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The `Config.xml` file can be used with other XML files, such as in the following example: + +`scanstate.exe /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\Config.xml` + +When used this way, the `Config.xml` file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the `Config.xml` file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). > [!NOTE] -> When modifying the XML elements in the Config.xml file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. +> When modifying the XML elements in the `Config.xml` file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. ## Overview of the MigApp.xml file -The MigApp.xml file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the MigApp.xml file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The MigDocs.xml and MigUser.xml files do not migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). +The `MigApp.xml` file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the `MigApp.xml` file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The `MigDocs.xml` and `MigUser.xml` files don't migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). > [!Important] > The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see the [Sample migration rules for customized versions of XML files](#bkmk-samples). ## Overview of the MigDocs.xml file -The MigDocs.xml file uses the new **GenerateDocPatterns** helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the MigDocs.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. +The `MigDocs.xml` file uses the new `GenerateDocPatterns` helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the `MigDocs.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. -The default MigDocs.xml file migrates the following: +The default `MigDocs.xml` file migrates the following data: - All files on the root of the drive except %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA%, or %USERS%. @@ -115,7 +119,7 @@ The default MigDocs.xml file migrates the following: - FOLDERID\_RecordedTV -The default MigDocs.xml file will not migrate the following: +The default `MigDocs.xml` file won't migrate the following data: - Files tagged with both the **hidden** and **system** attributes. @@ -125,13 +129,13 @@ The default MigDocs.xml file will not migrate the following: - Folders that contain installed applications. -You can also use the **/genmigxml** option with the ScanState tool to review and modify what files will be migrated. +You can also use the `/genmigxml` option with the ScanState tool to review and modify what files will be migrated. ## Overview of the MigUser.xml file -The MigUser.xml file includes instructions for USMT to migrate user files based on file name extensions. You can use the MigUser.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The MigUser.xml file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. +The `MigUser.xml` file includes instructions for USMT to migrate user files based on file name extensions. You can use the `MigUser.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The `MigUser.xml` file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. -The default MigUser.xml file migrates the following: +The default `MigUser.xml` file migrates the following data: - All files from the standard user-profile folders, which are described as: @@ -153,9 +157,9 @@ The default MigUser.xml file migrates the following: - Files with the following extensions: - `.qdf`, `.qsd`, `.qel`, `.qph`, `.doc\*`, `.dot\*`, `.rtf`, `.mcw`, `.wps`, `.scd`, `.wri`, `.wpd`, `.xl\*`, `.csv`, `.iqy`, `.dqy`, `.oqy`, `.rqy`, `.wk\*`, `.wq1`, `.slk`, `.dif`, `.ppt\*`, `.pps\*`, `.pot\*`, `.sh3`, `.ch3`, `.pre`, `.ppa`, `.txt`, `.pst`, `.one\*`, `.vl\*`, `.vsd`, `.mpp`, `.or6`, `.accdb`, `.mdb`, `.pub` + `.qdf`, `.qsd`, `.qel`, `.qph`, `.doc*`, `.dot*`, `.rtf`, `.mcw`, `.wps`, `.scd`, `.wri`, `.wpd`, `.xl*`, `.csv`, `.iqy`, `.dqy`, `.oqy`, `.rqy`, `.wk*`, `.wq1`, `.slk`, `.dif`, `.ppt*`, `.pps*`, `.pot*`, `.sh3`, `.ch3`, `.pre`, `.ppa`, `.txt`, `.pst`, `.one*`, `.vl*`, `.vsd`, `.mpp`, `.or6`, `.accdb`, `.mdb`, `.pub` -The default MigUser.xml file does not migrate the following: +The default `MigUser.xml` file doesn't migrate the following data: - Files tagged with both the **hidden** and **system** attributes. @@ -165,10 +169,10 @@ The default MigUser.xml file does not migrate the following: - ACLS for files in folders outside the user profile. -You can make a copy of the MigUser.xml file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the MigUser.xml file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. +You can make a copy of the `MigUser.xml` file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the `MigUser.xml` file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. > [!NOTE] -> Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. +> Each file name extension you include in the rules within the `MigUser.xml` file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. ## Using multiple XML files @@ -178,45 +182,47 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t |--- |--- | |Config.xml file|Operating-system components such as desktop wallpaper and background theme.
You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| |MigApps.xml file|Applications settings.| -|MigUser.xml or MigDocs.xml files|User files and profile settings.| +|MigUser.xml or `MigDocs.xml` files|User files and profile settings.| |Custom XML files|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| For example, you can use all of the XML migration file types for a single migration, as in the following example: ```console -Scanstate /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml +Scanstate.exe /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml ``` ### XML rules for migrating user files > [!IMPORTANT] -> You should not use the MigUser.xml and MigDocs.xml files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. +> You should not use the `MigUser.xml` and `MigDocs.xml` files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. -If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location. The MigUser.xml file migrates only the files with the specified file name extensions. +If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location. The `MigUser.xml` file migrates only the files with the specified file name extensions. If you want more control over the migration, you can create custom XML files. See the [Creating and editing a custom ,xml file](#bkmk-createxml) section of this document. ## Creating and editing a custom XML file -You can use the **/genmigxml** command-line option to determine which files will be included in your migration. The **/genmigxml** option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. +You can use the `/genmigxml` command-line option to determine which files will be included in your migration. The `/genmigxml` option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. > [!NOTE] > If you reinstall USMT, the default migration XML files will be overwritten and any customizations you make directly to these files will be lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. To generate the XML migration rules file for a source computer: -1. Click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as**. +1. Select **Start** > **All Programs** > **Accessories** + +2. Right-click **Command Prompt**, and then select **Run as**. -2. Select an account with administrator privileges, supply a password, and then click **OK**. +3. Select an account with administrator privileges, supply a password, and then select **OK**. -3. At the command prompt, type: +4. At the command prompt, type: ```console cd /d scanstate.exe /genmigxml: ``` - Where *<USMTpath>* is the location on your source computer where you have saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, type: + Where *<USMTpath>* is the location on your source computer where you've saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, type: ```console cd /d c:\USMT @@ -225,19 +231,19 @@ To generate the XML migration rules file for a source computer: ### The GenerateDocPatterns function -The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes three Boolean values. You can change the settings to modify the way the MigDocs.xml file generates the XML rules for migration. +The `MigDocs.xml` file calls the `GenerateDocPatterns` function, which takes three Boolean values. You can change the settings to modify the way the `MigDocs.xml` file generates the XML rules for migration. -- `ScanProgramFiles`: This argument is valid only when the **GenerateDocPatterns** function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications. +- `ScanProgramFiles`: This argument is valid only when the `GenerateDocPatterns` function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications. **Default value**: False - For example, when set to **TRUE**, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The **GenerateDocPatterns** function generates this inclusion pattern for `.doc` files: + For example, when set to **TRUE**, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The `GenerateDocPatterns` function generates this inclusion pattern for `.doc` files: `C:\Program Files\Microsoft Office[.doc]` If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions. -- `IncludePatterns`: This argument determines whether to generate exclude or include patterns in the XML. When this argument is set to **TRUE**, the **GenerateDocPatterns** function generates include patterns and the function must be added under the `` element. Changing this argument to **FALSE** generates exclude patterns and the function must be added under the `` element. +- `IncludePatterns`: This argument determines whether to generate exclude or include patterns in the XML. When this argument is set to **TRUE**, the `GenerateDocPatterns` function generates include patterns, and the function must be added under the `` element. Changing this argument to **FALSE** generates exclude patterns and the function must be added under the `` element. **Default value**: True @@ -283,11 +289,11 @@ To create exclude data patterns: ### Understanding the system and user context -The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that are not stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. +The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that aren't stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. **System context** -The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: +The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: - CSIDL\_COMMON\_DESKTOPDIRECTORY @@ -305,7 +311,7 @@ The system context includes rules for data outside of the User Profiles director **User context** -The user context includes rules for data in the User Profiles directory. When called in a user context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: +The user context includes rules for data in the User Profiles directory. When called in a user context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: - CSIDL\_MYDOCUMENTS @@ -334,7 +340,7 @@ The user context includes rules for data in the User Profiles directory. When ca - FOLDERID\_RecordedTV > [!NOTE] -> Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the MigDocs.xml files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. +> Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the `MigDocs.xml` files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. ### Sample migration rules for customized versions of XML files @@ -343,14 +349,14 @@ The user context includes rules for data in the User Profiles directory. When ca ### Exclude rules usage examples -In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default MigDocs.xml behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: +In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default `MigDocs.xml` behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: | Rule | Syntax | |--- |--- | |Rule 1|`d:\new folder[new text document.txt]`| |Rule 2|`d:\new folder[]`| -To exclude the new text document.txt file and any .txt files in "new folder", you can do the following: +To exclude the new text document.txt file and any .txt files in "new folder", you can do the following modification: **Example 1: Exclude all .txt files in a folder** @@ -367,7 +373,7 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f **Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules** -If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). +If you don't know the file name or location of the file, but you do know the file name extension, you can use the `GenerateDrivePatterns` function. However, the rule will be less specific than the default include rule generated by the `MigDocs.xml` file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). ``` xml @@ -400,11 +406,11 @@ For more examples of exclude rules that you can use in custom migration XML file ### Include rules usage examples -The application data directory is the most common location that you would need to add an include rule for. The **GenerateDocPatterns** function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The Migapp.xml file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that are not linked, you can do the following: +The application data directory is the most common location that you would need to add an include rule for. The `GenerateDocPatterns` function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The `MigApp.xml` file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that aren't linked, you can do the following modification: **Example 1: Include a file name extension in a known user folder** -This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. +This rule will include .pst files that are located in the default location, but aren't linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. ``` xml @@ -433,11 +439,11 @@ For more examples of include rules that you can use in custom migration XML file ## Next steps -You can include additional rules for the migration in the MigDocs.xml file or other XML migration files. For example, you can use the `` element to move files from the folder where they were gathered to a different folder, when they are applied to the destination computer. +You can include additional rules for the migration in the `MigDocs.xml` file or other XML migration files. For example, you can use the `` element to move files from the folder where they were gathered to a different folder, when they're applied to the destination computer. You can use an XML schema (MigXML.xsd) file to validate the syntax of your customized XML files. For more information, see [USMT Resources](usmt-resources.md). -## Related topics +## Related articles [Exclude Files and Settings](usmt-exclude-files-and-settings.md) diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 8ad4d611f8..059df90121 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -1,6 +1,6 @@ --- title: USMT Best Practices (Windows 10) -description: This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. +description: This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. ms.custom: seo-marvel-apr2020 ms.reviewer: manager: aaroncz @@ -14,61 +14,56 @@ ms.technology: itpro-deploy # USMT Best Practices - -This topic discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. +This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. ## General Best Practices - - **Install applications before running the LoadState tool** - Though it is not always essential, it is best practice to install all applications on the destination computer before restoring the user state. This helps ensure that migrated settings are preserved. + Though it isn't always essential, it's best practice to install all applications on the destination computer before restoring the user state. Installing applications before restoring user state helps ensure that migrated settings are preserved. -- **Do not use MigUser.xml and MigDocs.xml together** +- **Don't use MigUser.xml and MigDocs.xml together** - If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the **/genmigxml** command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md). + If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the `/genmigxml` command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md). - **Use MigDocs.xml for a better migration experience** - If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml file is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The MigUser.xml file migrates only the files with the specified file extensions. + If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` file is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The `MigUser.xml` file migrates only the files with the specified file extensions. - **Close all applications before running either the ScanState or LoadState tools** - Although using the **/vsc** switch can allow the migration of many files that are open with another application it is a best practice to close all applications in order to ensure all files and settings migrate. Without the **/vsc** or **/c** switch USMT will fail when it cannot migrate a file or setting. When you use the **/c** option USMT will ignore any files or settings that it cannot migrate and log an error each time. + Although using the `/vsc` switch can allow the migration of many files that are open with another application, it's a best practice to close all applications in order to ensure all files and settings migrate. Without the `/vsc` or `/c` switch USMT will fail when it can't migrate a file or setting. When you use the `/c` option, USMT will ignore any files or settings that it can't migrate and log an error each time. - **Log off after you run the LoadState** - Some settings, such as fonts, wallpaper, and screensaver settings, will not take effect until the next time the user logs on. For this reason, you should log off after you run the LoadState tool. + Some settings, such as fonts, wallpaper, and screensaver settings, won't take effect until the next time the user logs on. For this reason, you should sign out after you run the LoadState tool. - **Managed environment** - To create a managed environment, you can move all of the end user’s documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. This will help you to clean up files on the destination computer, if the LoadState command fails before completion. + To create a managed environment, you can move all of the end user's documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. Minimizing folders will help you to clean up files on the destination computer, if the `LoadState.exe` command fails before completion. - **Chkdsk.exe** - We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](/previous-versions/windows/it-pro/windows-xp/bb490876(v=technet.10)). + We recommend that you run **Chkdsk.exe** before running the ScanState and LoadState tools. **Chkdsk.exe** creates a status report for a hard disk drive and lists and corrects common errors. For more information about the **Chkdsk.exe** tool, see [Chkdsk](/previous-versions/windows/it-pro/windows-xp/bb490876(v=technet.10)). - **Migrate in groups** - If you decide to perform the migration while users are using the network, it is best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. + If you decide to perform the migration while users are using the network, it's best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. ## Security Best Practices - As the authorized administrator, it is your responsibility to protect the privacy of the users and maintain security during and after the migration. In particular, you must consider the following issues: - **Encrypting File System (EFS)** - Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). + Take extreme caution when migrating encrypted files, because the end user doesn't need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). - **Important**   - If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. - - + > [!Note] + > If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. - **Encrypt the store** - Consider using the **/encrypt** option with the ScanState command and the **/decrypt** option with the LoadState command. However, use extreme caution with this set of options, because anyone who has access to the ScanState command-line script also has access to the encryption key. + Consider using the `/encrypt` option with the `ScanState.exe` command and the `/decrypt` option with the `LoadState.exe` command. However, use extreme caution with this set of options, because anyone who has access to the `ScanState.exe` command-line script also has access to the encryption key. - **Virus Scan** @@ -76,26 +71,25 @@ As the authorized administrator, it is your responsibility to protect the privac - **Maintain security of the file server and the deployment server** - We recommend that you manage the security of the file and deployment servers. It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657). + We recommend that you manage the security of the file and deployment servers. It's important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files isn't exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657). - **Password Migration** - To ensure the privacy of the end users, USMT does not migrate passwords, including those for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, as well as Remote Access Service (RAS) connections and mapped network drives. It is important to make sure that end users know their passwords. + To ensure the privacy of the end users, USMT doesn't migrate passwords, including passwords for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, and Remote Access Service (RAS) connections and mapped network drives. It's important to make sure that end users know their passwords. - **Local Account Creation** - Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) topic. + Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) article. ## XML File Best Practices - - **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** - If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. + If you used a particular set of mig\*.xml files in the ScanState tool, either called through the `/auto` option, or individually through the `/i` option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. - **The <CustomFileName> in the migration urlid should match the name of the file** - Although it is not a requirement, it is good practice for <CustomFileName> to match the name of the file. For example, the following is from the MigApp.xml file: + Although it isn't a requirement, it's good practice for **<CustomFileName>** to match the name of the file. For example, the following example is from the `MigApp.xml` file: ``` xml @@ -104,15 +98,15 @@ As the authorized administrator, it is your responsibility to protect the privac - **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** - The MigXML.xsd schema file should not be included on the command line or in any of the .xml files. + The `MigXML.xsd` schema file shouldn't be included on the command line or in any of the .xml files. - **Use the default migration XML files as models** - To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on MigUser.xml. To migrate application settings, model your custom .xml file on the MigApp.xml file. + To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on `MigUser.xml`. To migrate application settings, model your custom .xml file on the `MigApp.xml` file. - **Consider the impact on performance when using the <context> parameter** - Your migration performance can be affected when you use the <context> element with the <component> element; for example, as in when you want to encapsulate logical units of file- or path-based <include> and <exclude> rules. + Your migration performance can be affected when you use the **<context>** element with the **<component>** element; for example, as in when you want to encapsulate logical units of file- or path-based **<include>** and **<exclude>** rules. In the **User** context, a rule is processed one time for each user on the system. @@ -120,32 +114,24 @@ As the authorized administrator, it is your responsibility to protect the privac In the **UserAndSystem** context, a rule is processed one time for each user on the system and one time for the system. - **Note**   - The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. - - + > [!Note] + > The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. - **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** - For example, if you have code that migrates the settings for an application, you should not just add the code to the MigApp.xml file. + For example, if you have code that migrates the settings for an application, you shouldn't just add the code to the `MigApp.xml` file. - **You should not create custom .xml files to alter the operating system settings that are migrated** - These settings are migrated by manifests and you cannot modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a Config.xml file. + These settings are migrated by manifests and you can't modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a `Config.xml` file. - **You can use the asterisk (\*) wildcard character in any migration XML file that you create** - **Note**   - The question mark is not valid as a wildcard character in USMT .xml files. - - - -## Related topics + > [!Note] + > The question mark is not valid as a wildcard character in USMT .xml files. +## Related articles [Migration Store Encryption](usmt-migration-store-encryption.md) -[Plan Your Migration](usmt-plan-your-migration.md) - - - +[Plan Your Migration](usmt-plan-your-migration.md) \ No newline at end of file diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index 3331b56156..702d5a9783 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Choose a Migration Store Type -One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers, and how much space is needed to create and host the migration store, whether you are using a local share, network share, or storage device. The final consideration is ensuring that user date integrity is maintained by encrypting the migration store. +One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers, and how much space is needed to create and host the migration store, whether you're using a local share, network share, or storage device. The final consideration is ensuring that user date integrity is maintained by encrypting the migration store. ## In This Section @@ -21,11 +21,11 @@ One of the main considerations for planning your migration is to determine which |--- |--- | |[Migration Store Types Overview](migration-store-types-overview.md)|Choose the migration store type that works best for your needs and migration scenario.| |[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)|Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.| -|[Hard-Link Migration Store](usmt-hard-link-migration-store.md)|Learn about hard-link migration stores and the scenarios in which they are used.| +|[Hard-Link Migration Store](usmt-hard-link-migration-store.md)|Learn about hard-link migration stores and the scenarios in which they're used.| |[Migration Store Encryption](usmt-migration-store-encryption.md)|Learn about the using migration store encryption to protect user data integrity during a migration.| -## Related topics +## Related articles [Plan Your Migration](usmt-plan-your-migration.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) +[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) \ No newline at end of file diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 116f2b60db..5807186f04 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # User State Migration Tool (USMT) Command-line Syntax -The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. +The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. ## In This Section diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 556391a040..65c77a5059 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -1,6 +1,6 @@ --- title: Common Issues (Windows 10) -description: Learn about common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. +description: Learn about common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,12 +13,10 @@ ms.technology: itpro-deploy # Common Issues - -The following sections discuss common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. USMT produces log files that describe in further detail any errors that occurred during the migration process. These logs can be used to troubleshoot migration failures. +The following sections discuss common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. USMT produces log files that describe in further detail any errors that occurred during the migration process. These logs can be used to troubleshoot migration failures. ## In this topic - [User Account Problems](#user) [Command-line Problems](#command) @@ -31,42 +29,36 @@ The following sections discuss common issues that you might see when you run the [Hard Link Migration Problems](#bkmk-hardlink) -[USMT does not migrate the Start layout](#usmt-does-not-migrate-the-start-layout) +[USMT doesn't migrate the Start layout](#usmt-does-not-migrate-the-start-layout) ## General Guidelines for Identifying Migration Problems - When you encounter a problem or error message during migration, you can use the following general guidelines to help determine the source of the problem: - Examine the ScanState, LoadState, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). For more information about Windows API error messages, type **nethelpmsg** on the command line. - In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. + In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. - **Note** - Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. + > [!Note] + > Running the ScanState and LoadState tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. - +- Use the `/Verify` option with the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). -- Use the **/Verify** option in the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). +- Use the `/Extract` option with the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). -- Use the **/Extract** option in the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). - -- Create a progress log using the **/Progress** option to monitor your migration. +- Create a progress log using the `/Progress` option to monitor your migration. - For the source and destination computers, obtain operating system information, and versions of applications such as Internet Explorer and any other relevant programs. Then verify the exact steps that are needed to reproduce the problem. This information might help you to understand what is wrong and to reproduce the issue in your testing environment. -- Log off after you run the LoadState tool. Some settings—for example, fonts, desktop backgrounds, and screen-saver settings—will not take effect until the next time the end user logs on. +- Sign out after you run the LoadState tool. Some settings such as fonts, desktop backgrounds, and screen-saver settings won't take effect until the next time the end user logs on. - Close all applications before running ScanState or LoadState tools. If some applications are running during the ScanState or LoadState process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. - **Note** - USMT will fail if it cannot migrate a file or setting unless you specify the **/c** option. When you specify the **/c** option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that did not migrate. - - + > [!Note] + > USMT will fail if it can't migrate a file or setting unless you specify the `/c` option. When you specify the `/c` option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that didn't migrate. ## User Account Problems - The following sections describe common user account problems. Expand the section to see recommended solutions. ### I'm having problems creating local accounts on the destination computer. @@ -77,37 +69,35 @@ The following sections describe common user account problems. Expand the section **Causes/Resolutions** There are two possible causes for this problem: -When running the ScanState tool on Windows Vista, or the ScanState and LoadState tools on Windows 7, Windows 8, or Windows 10, you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. To run in Administrator mode: +When running the ScanState and LoadState tools on Windows 7, Windows 8, or Windows 10, you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. To run in Administrator mode: -1. Click **Start**. +1. Select **Start** > **All Programs** > **Accessories**. -2. Click **All Programs**. +2. Right-click **Command Prompt**. -3. Click **Accessories**. +3. Select **Run as administrator**. + +4. Specify the `LoadState.exe` or `ScanState.exe` command. -4. Right-click **Command Prompt**. +If you don't run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. -5. Click **Run as administrator**. - -Then specify your LoadState or ScanState command. If you do not run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. - -Any user accounts on the computer that have not been used will not be migrated. For example, if you add User1 to the computer, but User1 never logs on, then USMT will not migrate the User1 account. +Any user accounts on the computer that haven't been used won't be migrated. For example, if you add User1 to the computer, but User1 never logs on, then USMT won't migrate the User1 account. ### User accounts that I excluded were migrated to the destination computer. -**Cause:** The command that you specified might have had conflicting **/ui** and **/ue** options. If a user is specified with the **/ui** option and is also specified to be excluded with either the **/ue** or **/uel** options, the user will be included in the migration. For example, if you specify `/ui:domain1\* /ue:domain1\user1`, then User1 will be migrated because the **/ui** option takes precedence. +**Cause:** The command that you specified might have had conflicting `ui` and `/ue` options. If a user is specified with the `/ui` option and with either the `/ue` or `/uel` options at the same time, the user will be included in the migration. For example, if you specify `/ui:domain1\* /ue:domain1\user1`, then User1 will be migrated because the `/ui` option takes precedence. -**Resolution:** For more information about how to use the **/ui** and **/ue** options together, see the examples in the [ScanState Syntax](usmt-scanstate-syntax.md) topic. +**Resolution:** For more information about how to use the `/ui` and `/ue` options together, see the examples in the [ScanState Syntax](usmt-scanstate-syntax.md) article. -### I am using the /uel option, but many accounts are still being included in the migration. +### I'm using the /uel option, but many accounts are still being included in the migration. -**Cause** The **/uel** option depends on the last modified date of the users' NTUser.dat file. There are scenarios in which this last modified date might not match the users' last logon date. +**Cause:** The `/uel` option depends on the last modified date of the users' NTUser.dat file. There are scenarios in which this last modified date might not match the users' last sign-in date. -**Resolution** This is a limitation of the **/uel** option. You might need to exclude these users manually with the **/ue** option. +**Resolution:** This is a limitation of the `/uel` option. You might need to exclude these users manually with the `/ue` option. ### The LoadState tool reports an error as return code 71 and fails to restore a user profile during a migration test. -**Cause:** During a migration test, if you run the ScanState tool on your test computer and then delete user profiles in order to test the LoadState tool on the same computer, you may have a conflicting key present in the registry. Using the **net use** command to remove a user profile will delete folders and files associated with that profile, but will not remove the registry key. +**Cause:** During a migration test, if you run the ScanState tool on your test computer and then delete user profiles in order to test the LoadState tool on the same computer, you may have a conflicting key present in the registry. Using the **net use** command to remove a user profile will delete folders and files associated with that profile, but won't remove the registry key. **Resolution:** To delete a user profile, use the **User Accounts** item in Control Panel. To correct an incomplete deletion of a user profile: @@ -117,43 +107,42 @@ Any user accounts on the computer that have not been used will not be migrated. Each user profile is stored in a System Identifier key under `ProfileList`. -3. Delete the key for the user profile you are trying to remove. +3. Delete the key for the user profile you're trying to remove. -### Files that were not encrypted before the migration are now encrypted with the account used to run the LoadState tool. +### Files that weren't encrypted before the migration are now encrypted with the account used to run the LoadState tool. -**Cause:** The ScanState tool was run using the **/EFS: copyraw** option to migrate encrypted files and Encrypting File System (EFS) certificates. The encryption attribute was set on a folder that was migrated, but the attribute was removed from file contents of that folder prior to migration. +**Cause:** The ScanState tool was run using the `/EFS:copyraw` option to migrate encrypted files and Encrypting File System (EFS) certificates. The encryption attribute was set on a folder that was migrated, but the attribute was removed from file contents of that folder prior to migration. **Resolution:** Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you can run the Cipher tool at the command prompt to review and change encryption settings on files and folders. You must remove the encryption attribute from folders that contain unencrypted files or encrypt the contents of all files within an encrypted folder. -To remove encryption from files that have already been migrated incorrectly, you must log on to the computer with the account that you used to run the LoadState tool and then remove the encryption from the affected files. +To remove encryption from files that have already been migrated incorrectly, you must sign into the computer with the account that you used to run the LoadState tool and then remove the encryption from the affected files. ### The LoadState tool reports an error as return code 71 and a Windows Error 2202 in the log file. **Cause:** The computer name was changed during an offline migration of a local user profile. -**Resolution:** You can use the **/mu** option when you run the LoadState tool to specify a new name for the user. For example, +**Resolution:** You can use the `/mu` option when you run the LoadState tool to specify a new name for the user. For example, ``` syntax -loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore +loadstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /progress:prog.log /l:load.log /mu:fareast\user1:farwest\user1 ``` ## Command-line Problems - The following sections describe common command-line problems. Expand the section to see recommended solutions. -### I received the following error message: "Usage Error: You cannot specify a file path with any of the command-line options that exceeds 256 characters." +### I received the following error message: "Usage Error: You can't specify a file path with any of the command-line options that exceeds 256 characters." -**Cause:** You might receive this error message in some cases even if you do not specify a long store or file path, because the path length is calculated based on the absolute path. For example, if you run the **scanstate.exe /o store** command from C:\\Program Files\\USMT40, then each character in "`C:\Program Files\USMT40`" will be added to the length of "store" to get the length of the path. +**Cause:** You might receive this error message in some cases even if you don't specify a long store or file path, because the path length is calculated based on the absolute path. For example, if you run the `scanstate.exe /o store` command from `C:\Program Files\USMT40`, then each character in "`C:\Program Files\USMT40`" will be added to the length of "store" to get the length of the path. -**Resolution:** Ensure that the total path length—the store path plus the current directory—does not exceed 256 characters. +**Resolution:** Ensure that the total path length doesn't exceed 256 characters. The total path length includes the store path plus the current directory. ### I received the following error message: "USMT was unable to create the log file(s). Ensure that you have write access to the log directory." -**Cause:** If you are running the ScanState or LoadState tools from a shared network resource, you will receive this error message if you do not specify **/l**. +**Cause:** If you're running the ScanState or LoadState tools from a shared network resource, you'll receive this error message if you don't specify `/l`. -**Resolution:** To fix this issue in this scenario, specify the **/l:scan.log** or **/l:load.log** option. +**Resolution:** To fix this issue in this scenario, specify the `/l:scan.log` or `/l:load.log` option. ## XML File Problems @@ -162,38 +151,37 @@ The following sections describe common XML file problems. Expand the section to ### I used the /genconfig option to create a Config.xml file, but I see only a few applications and components that are in MigApp.xml. Why does Config.xml not contain all of the same applications? -**Cause:** Config.xml will contain only operating system components, applications, and the user document sections that are in both of the .xml files and are installed on the computer when you run the **/genconfig** option. Otherwise, these applications and components will not appear in the Config.xml file. +**Cause:** `Config.xml` will contain only operating system components, applications, and the user document sections that are in both of the .xml files and are installed on the computer when you run the `/genconfig` option. Otherwise, these applications and components won't appear in the `Config.xml` file. -**Resolution:** Install all of the desired applications on the computer before running the **/genconfig** option. Then run ScanState with all of the .xml files. For example, run the following: +**Resolution:** Install all of the desired applications on the computer before running the `/genconfig` option. Then run `ScanState.exe` with all of the .xml files. For example, run the following command: -`scanstate /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:scanstate.log` +`scanstate.exe /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:scanstate.log` -### I am having problems with a custom .xml file that I authored, and I cannot verify that the syntax is correct. +### I'm having problems with a custom .xml file that I authored, and I can't verify that the syntax is correct. -**Resolution:** You can load the XML schema (MigXML.xsd), included with USMT, into your XML authoring tool. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there is a syntax error. In addition, see [USMT XML Reference](usmt-xml-reference.md) for more information about using the XML elements. +**Resolution:** You can load the XML schema file `MigXML.xsd` into your XML authoring tool. `MigXML.xsd` is included with USMT. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there's a syntax error. For more information about using the XML elements, see [USMT XML Reference](usmt-xml-reference.md). -### I am using a MigXML helper function, but the migration isn’t working the way I expected it to.  How do I troubleshoot this issue? +### I'm using a MigXML helper function, but the migration isn't working the way I expected it to. How do I troubleshoot this issue? -**Cause:** Typically, this issue is caused by incorrect syntax used in a helper function. You receive a Success return code, but the files you wanted to migrate did not get collected or applied, or weren’t collected or applied in the way you expected. +**Cause:** Typically, this issue is caused by incorrect syntax used in a helper function. You receive a Success return code, but the files you wanted to migrate didn't get collected or applied, or weren't collected or applied in the way you expected. -**Resolution:** You should search the ScanState or LoadState log for either the component name which contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. +**Resolution:** You should search the ScanState or LoadState log for either the component name that contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. ## Migration Problems - The following sections describe common migration problems. Expand the section to see recommended solutions. ### Files that I specified to exclude are still being migrated. -**Cause:** There might be another rule that is including the files. If there is a more specific rule or a conflicting rule, the files will be included in the migration. +**Cause:** There might be another rule that is including the files. If there's a more specific rule or a conflicting rule, the files will be included in the migration. **Resolution:** For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md) and the Diagnostic Log section in [Log Files](usmt-log-files.md). -### I specified rules to move a folder to a specific location on the destination computer, but it has not migrated correctly. +### I specified rules to move a folder to a specific location on the destination computer, but it hasn't migrated correctly. **Cause:** There might be an error in the XML syntax. -**Resolution:** You can use the USMT XML schema (MigXML.xsd) to write and validate migration .xml files. Also see the XML examples in the following topics: +**Resolution:** You can use the USMT XML schema (`MigXML.xsd`) to write and validate migration .xml files. Also see the XML examples in the following articles: [Conflicts and Precedence](usmt-conflicts-and-precedence.md) @@ -205,31 +193,33 @@ The following sections describe common migration problems. Expand the section to [Custom XML Examples](usmt-custom-xml-examples.md) -### After LoadState completes, the new desktop background does not appear on the destination computer. +### After LoadState completes, the new desktop background doesn't appear on the destination computer. There are three typical causes for this issue. -**Cause \#1:**: Some settings such as fonts, desktop backgrounds, and screen-saver settings are not applied by LoadState until after the destination computer has been restarted. +**Cause**: Some settings such as fonts, desktop backgrounds, and screen-saver settings aren't applied by LoadState until after the destination computer has been restarted. -**Resolution:** To fix this issue, log off, and then log back on to see the migrated desktop background. +**Resolution:** To fix this issue, sign out, and then log back on to see the migrated desktop background. -**Cause \#2:** If the source computer was running Windows® XP and the desktop background was stored in the *Drive*:\\WINDOWS\\Web\\Wallpaper folder—the default folder where desktop backgrounds are stored in Windows XP—the desktop background will not be migrated. Instead, the destination computer will have the default Windows® desktop background. This will occur even if the desktop background was a custom picture that was added to the \\WINDOWS\\Web\\Wallpaper folder. However, if the end user sets a picture as the desktop background that was saved in another location, for example, My Pictures, then the desktop background will migrate. + -### I included MigApp.xml in the migration, but some PST files aren’t migrating. +### I included MigApp.xml in the migration, but some PST files aren't migrating. -**Cause:** The MigApp.xml file migrates only the PST files that are linked to Outlook profiles. +**Cause:** The `MigApp.xml` file migrates only the PST files that are linked to Outlook profiles. -**Resolution:** To migrate PST files that are not linked to Outlook profiles, you must create a separate migration rule to capture these files. +**Resolution:** To migrate PST files that aren't linked to Outlook profiles, you must create a separate migration rule to capture these files. -### USMT does not migrate the Start layout +### USMT doesn't migrate the Start layout -**Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured. +**Description:** You're using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and doesn't have the Start menu layout they had previously configured. **Cause:** A code change in the Start Menu with Windows 10 version 1607 and later is incompatible with this USMT function. @@ -244,19 +234,18 @@ There are three typical causes for this issue. 3. Before the user signs in on the new device, import the Start layout using the following Windows PowerShell command: ``` - Import-StartLayout –LayoutPath "C:\Layout\user1.xml" –MountPath %systemdrive% + Import-StartLayout -LayoutPath "C:\Layout\user1.xml" -MountPath %systemdrive% ``` -This workaround changes the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout. +This workaround changes the Default user's Start layout. The workaround doesn't scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device, you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout. ## Offline Migration Problems - The following sections describe common offline migration problems. Expand the section to see recommended solutions. -### Some of my system settings do not migrate in an offline migration. +### Some of my system settings don't migrate in an offline migration. -**Cause:** Some system settings, such as desktop backgrounds and network printers, are not supported in an offline migration. For more information, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) +**Cause:** Some system settings, such as desktop backgrounds and network printers, aren't supported in an offline migration. For more information, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) **Resolution:** In an offline migration, these system settings must be restored manually. @@ -266,23 +255,23 @@ The following sections describe common offline migration problems. Expand the se **Resolution:** You can reboot the computer to get rid of the temp profile or you can set MIG\_FAIL\_ON\_PROFILE\_ERROR=0 to skip the error and exclude the temp profile. -### Include and Exclude rules for migrating user profiles do not work the same offline as they do online. +### Include and Exclude rules for migrating user profiles don't work the same offline as they do online. -**Cause:** When offline, the DNS server cannot be queried to resolve the user name and SID mapping. +**Cause:** When offline, the DNS server can't be queried to resolve the user name and SID mapping. **Resolution:** Use a Security Identifier (SID) to include a user when running the ScanState tool. For example: ``` syntax -Scanstate /ui:S1-5-21-124525095-708259637-1543119021* +Scanstate.exe /ui:S1-5-21-124525095-708259637-1543119021* ``` The wild card (\*) at the end of the SID will migrate the *SID*\_Classes key as well. -You can also use patterns for SIDs that identify generic users or groups. For example, you can use the */ue:\*-500* option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](/troubleshoot/windows-server/identity/security-identifiers-in-windows). +You can also use patterns for SIDs that identify generic users or groups. For example, you can use the `/ue:*-500` option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](/troubleshoot/windows-server/identity/security-identifiers-in-windows). ### My script to wipe the disk fails after running the ScanState tool on a 64-bit system. -**Cause:** The HKLM registry hive is not unloaded after the ScanState tool has finished running. +**Cause:** The HKLM registry hive isn't unloaded after the ScanState tool has finished running. **Resolution:** Reboot the computer or unload the registry hive at the command prompt after the ScanState tool has finished running. For example, at a command prompt, type: @@ -292,33 +281,27 @@ reg.exe unload hklm\$dest$software ## Hard-Link Migration Problems - The following sections describe common hard-link migration problems. Expand the section to see recommended solutions. -### EFS files are not restored to the new partition. +### EFS files aren't restored to the new partition. -**Cause:** EFS files cannot be moved to a new partition with a hard link. The **/efs:hardlink** command-line option is only applicable to files migrated on the same partition. +**Cause:** EFS files can't be moved to a new partition with a hard link. The `/efs:hardlink` command-line option is only applicable to files migrated on the same partition. -**Resolution:** Use the **/efs:copyraw** command-line option to copy EFS files during the migration instead of creating hard links, or manually copy the EFS files from the hard-link store. +**Resolution:** Use the `/efs:copyraw` command-line option to copy EFS files during the migration instead of creating hard links, or manually copy the EFS files from the hard-link store. -### The ScanState tool cannot delete a previous hard-link migration store. +### The ScanState tool can't delete a previous hard-link migration store. **Cause:** The migration store contains hard links to locked files. **Resolution:** Use the UsmtUtils tool to delete the store or change the store name. For example, at a command prompt, type: ``` syntax -USMTutils /rd +USMTutils.exe /rd ``` You should also reboot the machine. - - - - -## Related topics - +## Related articles [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) @@ -326,7 +309,4 @@ You should also reboot the machine. [Return Codes](usmt-return-codes.md) -[UsmtUtils Syntax](usmt-utilities.md) - - - +[UsmtUtils Syntax](usmt-utilities.md) \ No newline at end of file diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index a64d459198..5853303709 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -1,6 +1,6 @@ --- title: Common Migration Scenarios (Windows 10) -description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades. +description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,14 +13,12 @@ ms.technology: itpro-deploy # Common Migration Scenarios +You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred. -You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred. - -One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. +One common scenario is when the operating system is upgraded on existing hardware without the hardware being replaced. This scenario is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. **In this article:** - [PC Refresh](#bkmk-pcrefresh) [Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#bkmk-onepcrefresh) @@ -41,112 +39,93 @@ One common scenario when only the operating system, and not the hardware, is bei ## PC-Refresh - The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer. -  - ![usmt pc refresh scenario.](images/dep-win8-l-usmt-pcrefresh.jpg) -  - ### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store -A company has just received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled completely offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. +A company has received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. -1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive. +1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the `/hardlink /nocompress` command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. -2. On each computer, the administrator installs the company's standard operating environment (SOE) which includes Windows 10 and other company applications. +2. On each computer, the administrator installs the company's standard operating environment (SOE) which includes Windows 10 and other company applications. -3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer. +3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer. ### Scenario Two: PC-refresh using a compressed migration store -A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. +A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. -1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server. +1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server. -2. On each computer, the administrator installs the company's standard SOE which includes Windows 10 and other company applications. +2. On each computer, the administrator installs the company's standard SOE that includes Windows 10 and other company applications. -3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer. +3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer. ### Scenario Three: PC-refresh using a hard-link migration store -A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. +A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. -1. The administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive. +1. The administrator runs the ScanState command-line tool on each computer, specifying the `/hardlink /nocompress` command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. -2. On each computer, the administrator installs the company's SOE which includes Windows 10 and other company applications. +2. On each computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. -3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer. +3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer. ### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store -A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. +A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. -1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows. +1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows. -2. On each computer, the administrator installs the company's SOE which includes company applications. +2. On each computer, the administrator installs the company's SOE that includes company applications. -3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the **/hardlink /nocompress** command-line options. +3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the `/hardlink /nocompress` command-line options. ## PC-Replacement The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer. -  - ![usmt pc replace scenario.](images/dep-win8-l-usmt-pcreplace.jpg) -  - ### Scenario One: Offline migration using WinPE and an external migration store -A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled completely offline, without a network connection. +A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled offline, without a network connection. -1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk. +1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk. -2. On each new computer, the administrator installs the company's SOE which includes Windows 10 and other company applications. +2. On each new computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. -3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers. +3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers. ### Scenario Two: Manual network migration -A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. +A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. -1. The administrator runs the ScanState tool on each of the manager's old laptops, and saves each user state to a server. +1. The administrator runs the ScanState tool on each of the manager's old laptops, and saves each user state to a server. -2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications. +2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications. -3. The administrator runs the LoadState tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. +3. The administrator runs the LoadState tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. -4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. +4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. ### Scenario Three: Managed network migration -A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a logon script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store. +A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a sign-in script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store. -1. On each source computer, the administrator runs the ScanState tool using Microsoft Endpoint Configuration Manager, Microsoft Deployment Toolkit (MDT), a logon script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server. +1. On each source computer, the administrator runs the ScanState tool using Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), a sign-in script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server. -2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications. +2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications. -3. On each of the new computers, the administrator runs the LoadState tool using Microsoft Endpoint Configuration Manager, a logon script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers. - -## Related topics +3. On each of the new computers, the administrator runs the LoadState tool using Microsoft Configuration Manager, a sign-in script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers. +## Related articles [Plan Your Migration](usmt-plan-your-migration.md) [Choose a Migration Store Type](usmt-choose-migration-store-type.md) -[Offline Migration Reference](offline-migration-reference.md) - -  - -  - - - - - +[Offline Migration Reference](offline-migration-reference.md) \ No newline at end of file diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 21fad15496..6b6606f31d 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -1,6 +1,6 @@ --- title: Config.xml File (Windows 10) -description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool. +description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -15,20 +15,20 @@ ms.technology: itpro-deploy ## Config.xml File -The Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the **/genconfig** option with the ScanState.exe tool. If you want to include all of the default components, and do not want to change the default store-creation or profile-migration behavior, you do not need to create a Config.xml file. +The `Config.xml` file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the `/genconfig` option with the ScanState tool. If you want to include all of the default components, and don't want to change the default store-creation or profile-migration behavior, you don't need to create a `Config.xml` file. -However, if you are satisfied with the default migration behavior defined in the MigApp.xml, MigUser.xml and MigDocs.xml files, but you want to exclude certain components, you can create and modify a Config.xml file and leave the other .xml files unchanged. For example, you must create and modify the Config.xml file if you want to exclude any of the operating-system settings that are migrated. It is necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. +However, if you're satisfied with the default migration behavior defined in the `MigApp.xml`, `MigUser.xml` and `MigDocs.xml` files, but you want to exclude certain components, you can create and modify a `Config.xml` file and leave the other .xml files unchanged. For example, you must create and modify the `Config.xml` file if you want to exclude any of the operating-system settings that are migrated. It's necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. -The Config.xml file has a different format than the other migration .xml files, because it does not contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, as well as user-profile policy and error-control policy. For this reason, excluding components using the Config.xml file is easier than modifying the migration .xml files, because you do not need to be familiar with the migration rules and syntax. However, you cannot use wildcard characters in this file. +The `Config.xml` file has a different format than the other migration .xml files, because it doesn't contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, and user-profile policy and error-control policy. For this reason, excluding components using the `Config.xml` file is easier than modifying the migration .xml files, because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in this file. -For more information about using the Config.xml file with other migration files, such as the MigDocs.xml and MigApps.xml files, see [Understanding Migration XML Files](understanding-migration-xml-files.md). +For more information about using the `Config.xml` file with other migration files, such as the `MigDocs.xml` and `MigApps.xml` files, see [Understanding Migration XML Files](understanding-migration-xml-files.md). -**Note**   -To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. +> [!Note] +> To exclude a component from the `Config.xml` file, set the **migrate** value to **no**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. ## In this topic -In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only. +In USMT there are new migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the `Config.xml` file only. [<Policies>](#bkmk-policies) @@ -68,11 +68,11 @@ In USMT there are new migration policies that can be configured in the Config.xm The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. -Syntax: ` ` +Syntax: `` `` ## <ErrorControl> -The **<ErrorControl>** element is an optional element you can configure in the Config.xml file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. +The **<ErrorControl>** element is an optional element you can configure in the `Config.xml` file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. - **Number of occurrences**: Once for each component @@ -80,9 +80,9 @@ The **<ErrorControl>** element is an optional element you can configure in - **Child elements**: The **<fileError>** and **<registryError>** element -Syntax: `` +Syntax: `` `` -The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users cannot be accessed because of any other reason. In the example below, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error. +The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users can't be accessed because of any other reason. In the example below, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error. Additionally, the order in the **<ErrorControl>** section implies priority. In this example, the first **<nonFatal>** tag takes precedence over the second **<fatal>** tag. This precedence is applied, regardless of how many tags are listed. @@ -103,7 +103,7 @@ Additionally, the order in the **<ErrorControl>** section implies priority ### <fatal> -The **<fatal>** element is not required. +The **<fatal>** element isn't required. - **Number of occurrences**: Once for each component @@ -111,7 +111,7 @@ The **<fatal>** element is not required. - **Child elements**: None. -Syntax: ``*<pattern>*`` +Syntax: `` *<pattern>* `` |Parameter|Required|Value| |--- |--- |--- | @@ -121,7 +121,7 @@ You use the **<fatal>** element to specify that errors matching a specific ## <fileError> -The **<fileError>** element is not required. +The **<fileError>** element isn't required. - **Number of occurrences**: Once for each component @@ -129,13 +129,13 @@ The **<fileError>** element is not required. - **Child elements**: **<nonFatal>** and **<fatal>** -Syntax: `` +Syntax: `` `` You use the **<fileError>** element to represent the behavior associated with file errors. ## <nonFatal> -The **<nonFatal>** element is not required. +The **<nonFatal>** element isn't required. - **Number of occurrences**: Once for each component @@ -143,17 +143,17 @@ The **<nonFatal>** element is not required. - **Child elements**: None. -Syntax: ``*<pattern>*`` +Syntax: `` *<pattern>* `` |Parameter|Required|Value| |--- |--- |--- | -|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages are not specified, the default behavior applies the parameter to all system error messages.| +|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| -You use the **<nonFatal>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. +You use the **<nonFatal>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. ## <registryError> -The <registryError>element is not required. +The <registryError> element isn't required. - **Number of occurrences**: Once for each component @@ -161,19 +161,19 @@ The <registryError>element is not required. - **Child elements**: **<nonfatal>** and **<fatal>** -Syntax: `` +Syntax: `` `` |Parameter|Required|Value| |--- |--- |--- | -|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages are not specified, the default behavior applies the parameter to all system error messages.| +|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| -You use the **<registryError>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. +You use the **<registryError>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. ## <HardLinkStoreControl> The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. -Syntax: ` ` +Syntax: `` `` - **Number of occurrences**: Once for each component @@ -181,12 +181,12 @@ Syntax: ` ` - **Child elements**: **<fileLocked>** -Syntax: `` +Syntax: `` `` -The **<HardLinkStoreControl>** sample code below specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that cannot be copied, even though is technically possible for the link to be created. +The **<HardLinkStoreControl>** sample code below specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that can't be copied, even though is technically possible for the link to be created. > [!IMPORTANT] -> The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file’s location. +> The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file's location. ``` xml @@ -206,41 +206,41 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. -Syntax: `` +Syntax: `` `` ## <createHardLink> The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. -Syntax: ``*<pattern>*`` +Syntax: `` *<pattern>* `` ## <errorHardLink> -The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should not be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that is not possible, **Error\_Locked** is thrown. This is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. +The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that isn't possible, **Error\_Locked** is thrown. This error is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. -Syntax: ``*<pattern>*`` +Syntax: `` *<pattern>* `` ## <ProfileControl> This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. -Syntax: <`ProfileControl> ` +Syntax: <`ProfileControl>` `` ## <localGroups> This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. -Syntax: ` ` +Syntax: `` `` ## <mappings> This element is used to contain other elements that establish mappings between groups. -Syntax: ` ` +Syntax: `` `` ## <changeGroup> -This element describes the source and destination groups for a local group membership change during the migration. It is a child of **<localGroups>**. The following parameters are defined: +This element describes the source and destination groups for a local group membership change during the migration. It's a child of **<localGroups>**. The following parameters are defined: |Parameter|Required|Value| |--- |--- |--- | @@ -250,23 +250,27 @@ This element describes the source and destination groups for a local group membe The valid and required children of **<changeGroup>** are **<include>** and **<exclude>**. Although both can be children at the same time, only one is required. -Syntax: ` ` +Syntax: `` `` ## <include> This element specifies that its required child, *<pattern>*, should be included in the migration. -Syntax: ```` +Syntax: `` `` ## <exclude> This element specifies that its required child, *<pattern>*, should be excluded from the migration. -Syntax: ``` ` +Syntax: `` `` ## Sample Config.xml File -Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration. +Refer to the following sample `Config.xml` file for more details about items you can choose to exclude from a migration. +
+
+
+ Expand for sample Config.xml file: ```xml @@ -459,6 +463,8 @@ Refer to the following sample Config.xml file for additional details about items ``` -## Related topics +
-[USMT XML Reference](usmt-xml-reference.md) +## Related articles + +[USMT XML Reference](usmt-xml-reference.md) \ No newline at end of file diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index a61b85e890..8e0dec0e09 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -1,6 +1,6 @@ --- title: Conflicts and Precedence (Windows 10) -description: In this article, learn how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. +description: In this article, learn how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,19 +13,19 @@ ms.technology: itpro-deploy # Conflicts and Precedence -When you include, exclude, and reroute files and settings, it is important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. +When you include, exclude, and reroute files and settings, it's important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. -- **If there are conflicting rules within a component, the most specific rule is applied.** However, the <unconditionalExclude> rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples)****later in this topic. +- **If there are conflicting rules within a component, the most specific rule is applied.** However, the **<unconditionalExclude>** rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples) later in this article. -- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. +- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. -- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the <exclude> rule to exclude a file and use the <include> rule to include the same file, the file will be excluded. +- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the **<exclude>** rule to exclude a file and use the **<include>** rule to include the same file, the file will be excluded. -- **The ordering of components does not matter.** It does not matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. +- **The ordering of components does not matter.** It doesn't matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. - **The ordering of the <include> and <exclude> rules within a component does not matter.** -- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other <include> rules that are in the .xml files. For example, you can use the <unconditionalExclude> element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. +- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other **<include>** rules that are in the .xml files. For example, you can use the **<unconditionalExclude>** element to exclude all MP3 files on the computer or to exclude all files from **C:\\UserData**. ## In this topic @@ -57,11 +57,11 @@ When you include, exclude, and reroute files and settings, it is important to kn ### What is the relationship between rules that are located within different components? -Only rules inside the same component can affect each other, depending on specificity, except for the <unconditionalExclude> rule. Rules that are in different components do not affect each other. If there is an <include> rule in one component and an identical <exclude> rule in another component, the data will be migrated because the two rules are independent of each other. +Only rules inside the same component can affect each other, depending on specificity, except for the **<unconditionalExclude>** rule. Rules that are in different components don't affect each other. If there's an **<include>** rule in one component and an identical **<exclude>** rule in another component, the data will be migrated because the two rules are independent of each other. -If you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. +If you have an **<include>** rule in one component and a **<locationModify>** rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the **<include>** rule, and it will be migrated based on the **<locationModify>** rule. -The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the <exclude> rule is specified in a separate component. +The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the **<exclude>** rule is specified in a separate component. ``` xml @@ -95,7 +95,7 @@ The following .xml file migrates all files from C:\\Userdocs, including .mp3 fil ### How does precedence work with the Config.xml file? -Specifying `migrate="no"` in the Config.xml file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. +Specifying `migrate="no"` in the `Config.xml` file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. ``` xml @@ -107,27 +107,27 @@ Specifying `migrate="no"` in the Config.xml file is the same as deleting the cor ### How does USMT process each component in an .xml file with multiple components? -The ordering of components does not matter. Each component is processed independently of other components. For example, if you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. +The ordering of components doesn't matter. Each component is processed independently of other components. For example, if you have an **<include>** rule in one component and a **<locationModify>** rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the **<include>** rule, and it will be migrated based on the **<locationModify>** rule. ### How are rules processed? There are two broad categories of rules. -- **Rules that affect the behavior of both the ScanState and LoadState tools**. For example, the <include>, <exclude>, and <unconditionalExclude> rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each <include> rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it is going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. +- **Rules that affect the behavior of both the ScanState and LoadState tools**. For example, the **<include>**, **<exclude>**, and **<unconditionalExclude>** rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each **<include>** rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it's going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. -- **Rules that affect the behavior of only the LoadState tool**. For example, the <locationModify>, <contentModify>, and <destinationCleanup> rules do not affect ScanState. They are processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the <locationModify>and <contentModify> rules. Then, LoadState processes all of the <destinationCleanup> rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. +- **Rules that affect the behavior of only the LoadState tool**. For example, the **<locationModify>**, **<contentModify>**, and **<destinationCleanup>** rules don't affect ScanState. They're processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the **<locationModify>** and **<contentModify>** rules. Then, LoadState processes all of the **<destinationCleanup>** rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. ### How does USMT combine all of the .xml files that I specify on the command line? -USMT does not distinguish the .xml files based on their name or content. It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. +USMT doesn't distinguish the .xml files based on their name or content. It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. ## The <include> and <exclude> rules ### What happens when there are conflicting <include> and <exclude> rules? -If there are conflicting rules within a component, the most specific rule is applied, except with the <unconditionalExclude> rule, which takes precedence over all other rules. If the rules are equally specific, then the data will be not be migrated. For example if you exclude a file, and include the same file, the file will not be migrated. If there are conflicting rules within different components, the rules do not affect each other because each component is processed independently. +If there are conflicting rules within a component, the most specific rule is applied, except with the **<unconditionalExclude>** rule, which takes precedence over all other rules. If the rules are equally specific, then the data won't be migrated. For example if you exclude a file, and include the same file, the file won't be migrated. If there are conflicting rules within different components, the rules don't affect each other because each component is processed independently. -In the following example, mp3 files will not be excluded from the migration. This is because directory names take precedence over the file extensions. +In the following example, mp3 files won't be excluded from the migration. The mp3 files won't be excluded because directory names take precedence over the file extensions. ``` xml @@ -142,9 +142,9 @@ In the following example, mp3 files will not be excluded from the migration. Thi ``` -### <include> and <exclude> rules precedence examples +### <include> and **<exclude>** rules precedence examples -These examples explain how USMT deals with <include> and <exclude> rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. +These examples explain how USMT deals with **<include>** and **<exclude>** rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. - [Including and excluding files](#filesex) @@ -154,40 +154,40 @@ These examples explain how USMT deals with <include> and <exclude> r | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| -|
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:* [.txt]</pattern>
| Migrates all files and subfolders in Dir1 (including all .txt files in C:). | The <exclude> rule does not affect the migration because the <include> rule is more specific. | +|
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:* [.txt]</pattern>
| Migrates all files and subfolders in Dir1 (including all .txt files in C:). | The **<exclude>** rule doesn't affect the migration because the **<include>** rule is more specific. | |
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
| Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1\Dir2 and its subfolders. | Both rules are processed as intended. | |
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\ * [.txt]</pattern>
| Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | -|
  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
| Nothing will be migrated. | The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule. | +|
  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
| Nothing will be migrated. | The rules are equally specific, so the **<exclude>** rule takes precedence over the **<include>** rule. | |
  • Include rule: C:\Dir1* [.txt]
  • Exclude rule: C:\Dir1\Dir2* []
| Migrates the .txt files in Dir1 and the .txt files from subfolders other than Dir2.
No files are migrated from Dir2 or its subfolders. | Both rules are processed as intended. | |
  • Include rule: C:\Dir1\Dir2* []
  • Exclude rule: C:\Dir1* [.txt]
| Migrates all files and subfolders of Dir2, except the .txt files from Dir1 and any subfolders of Dir1 (including Dir2). | Both rules are processed as intended. | | If you have the following code in different components | Resulting behavior | Explanation | |-----|----|----| -| Component 1:
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

Component 2:
  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>
| Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2). | Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed. | +| Component 1:
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

Component 2:
  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>
| Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2). | Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed. | | Component 1:
  • Include rule: C:\Dir1\Dir2* []

Component 2:
  • Exclude rule: C:\Dir1* [.txt]
| Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | -| Component 1:
  • Exclude rule: C:\Dir1\Dir2* []

Component 2:
  • Include rule: C:\Dir1* [.txt]
| Migrates all .txt files in Dir1 and any subfolders. | Component 1 does not contain an <include> rule, so the <exclude> rule is not processed. | +| Component 1:
  • Exclude rule: C:\Dir1\Dir2* []

Component 2:
  • Include rule: C:\Dir1* [.txt]
| Migrates all .txt files in Dir1 and any subfolders. | Component 1 doesn't contain an **<include>** rule, so the **<exclude>** rule isn't processed. | ### Including and excluding registry objects | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| |
  • Include rule:
    HKLM\Software\Microsoft\Command Processor* []
  • Exclude Rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Migrates all keys in HKLM\Software\Microsoft\Command Processor except DefaultColor. | Both rules are processed as intended. | -|
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude Rule:
    HKLM\Software\Microsoft\Command Processor* []
| Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor. | DefaultColor is migrated because the <include> rule is more specific than the <exclude> rule. | -|
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Does not migrate DefaultColor. | The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule. | +|
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude Rule:
    HKLM\Software\Microsoft\Command Processor* []
| Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor. | DefaultColor is migrated because the **<include>** rule is more specific than the **<exclude>** rule. | +|
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Doesn't migrate DefaultColor. | The rules are equally specific, so the **<exclude>** rule takes precedence over the <include> rule. | | If you have the following code in different components | Resulting behavior | Explanation | |-----|-----|-----| -| Component 1:
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor* []

Component 2:
  • Include rule:
    HKLM\Software\Microsoft\Command Processor* []
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor. | Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed. | +| Component 1:
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor* []

Component 2:
  • Include rule:
    HKLM\Software\Microsoft\Command Processor* []
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor. | Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed. | ## File collisions ### What is the default behavior when there are file collisions? -If there is not a <merge> rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. +If there isn't a **<merge>** rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. ### How does the <merge> rule work when there are file collisions? -When a collision is detected, USMT will select the most specific <merge> rule and apply it to resolve the conflict. For example, if you have a <merge> rule for C:\\\* \[\*\] set to **sourcePriority()** and another <merge> rule for C:\\subfolder\\\* \[\*\] set to **destinationPriority()** , then USMT uses the destinationPriority() rule because it is the most specific. +When a collision is detected, USMT will select the most specific **<merge>** rule and apply it to resolve the conflict. For example, if you have a **<merge>** rule for **C:\\\* \[\*\]** set to **sourcePriority()** and another **<merge>** rule for **C:\\subfolder\\\* \[\*\]** set to **destinationPriority()** , then USMT uses the **destinationPriority()** rule because it's the most specific. ### Example scenario @@ -227,7 +227,7 @@ For this example, the following information describes the resulting behavior if ``` -**Result**: During ScanState, all the files will be added to the store. During LoadState, only C:\Data\SampleA.txt will be restored. +**Result**: During ScanState, all the files will be added to the store. During LoadState, only `C:\Data\SampleA.txt` will be restored. **Example 2** @@ -252,12 +252,12 @@ During LoadState, all the files will be restored, overwriting the existing files ``` -**Result**: During ScanState, all the files will be added to the store. During LoadState, the following will occur: +**Result**: During ScanState, all the files will be added to the store. During LoadState, the following actions will occur: -- C:\Data\SampleA.txt will be restored. -- C:\Data\SampleB.txt will be restored, overwriting the existing file on the destination computer. -- C:\Data\Folder\SampleB.txt will not be restored. +- `C:\Data\SampleA.txt` will be restored. +- `C:\Data\SampleB.txt` will be restored, overwriting the existing file on the destination computer. +- `C:\Data\Folder\SampleB.txt` won't be restored. -## Related topics +## Related articles [USMT XML Reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index b1e1541da3..fe1f25909d 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -15,7 +15,12 @@ ms.date: 11/01/2022 ## Example 1: Migrating an Unsupported Application -The following is a template for the sections that you need to migrate your application. The template isn't functional on its own, but you can use it to write your own .xml file. +The following template is a template for the sections that you need to migrate your application. The template isn't functional on its own, but you can use it to write your own .xml file. + +**Template** +
+
+ Expand to show Example 1 application template: ``` xml @@ -80,26 +85,30 @@ The following is a template for the sections that you need to migrate your appli ``` +
## Example 2: Migrating the My Videos Folder -The following sample is a custom .xml file named CustomFile.xml that migrates My Videos for all users, if the folder exists on the source computer. +The following sample is a custom .xml file named `CustomFile.xml` that migrates **My Videos** for all users, if the folder exists on the source computer. -- **Sample condition**: Verifies that My Videos exists on the source computer: +- **Sample condition**: Verifies that **My Videos** exists on the source computer: `MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%")` -- **Sample filter**: Filters out the shortcuts in My Videos that don't resolve on the destination computer: +- **Sample filter**: Filters out the shortcuts in **My Videos** that don't resolve on the destination computer: `` - This has no effect on files that aren't shortcuts. For example, if there's a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering. + This filter has no effect on files that aren't shortcuts. For example, if there's a shortcut in **My Videos** on the source computer that points to `C:\Folder1`, that shortcut will be migrated only if `C:\Folder1` exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering. -- **Sample pattern**: Migrates My Videos for all users: +- **Sample pattern**: Migrates **My Videos** for all users: `%CSIDL_MYVIDEO%* [*]` **XML file** +
+
+ Expand to show Example 2 XML file: ```xml @@ -123,12 +132,13 @@ The following sample is a custom .xml file named CustomFile.xml that migrates My ``` +
## Example 3: Migrating Files and Registry Keys The sample patterns describe the behavior in the following example .xml file. -- **Sample pattern**: Migrates all instances of the file Usmttestfile.txt from all subdirectories under `%ProgramFiles%\USMTTestFolder`: +- **Sample pattern**: Migrates all instances of the file `Usmttestfile.txt` from all subdirectories under `%ProgramFiles%\USMTTestFolder`: `%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]` @@ -145,6 +155,9 @@ The sample patterns describe the behavior in the following example .xml file. `HKLM\Software\USMTTESTKEY* []` **XML file** +
+
+ Expand to show Example 3 XML file: ``` xml @@ -176,12 +189,17 @@ The sample patterns describe the behavior in the following example .xml file. ``` +
## Example 4: Migrating Specific Folders from Various Locations - The behavior for this custom .xml file is described within the `` tags in the code. +**XML file** +
+
+ Expand to show Example 4 XML file: + ``` xml @@ -250,8 +268,9 @@ The behavior for this custom .xml file is described within the `` t ``` +
-## Related topics +## Related articles [USMT XML Reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 2a6d7781cc..497fe8f067 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -13,10 +13,8 @@ ms.technology: itpro-deploy # Customize USMT XML Files - ## In This Topic - [Overview](#bkmk-overview) [Migration .xml Files](#bkmk-migxml) @@ -31,78 +29,72 @@ ms.technology: itpro-deploy ## Overview +If you want the ScanState and LoadState tools to use any of the migration .xml files, specify these files at the command line using the `/i` option. Because the ScanState and LoadState tools need the .xml files to control the migration, specify the same set of .xml files for both the `ScanState.exe` and `LoadState.exe` commands. However, you don't have to specify the `Config.xml` file with the `/config` option, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store but not to the destination computer. To achieve this scenario, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. Then the `LoadState.exe` command will migrate only the files and settings that you want to migrate. -If you want the **ScanState** and **LoadState** tools to use any of the migration .xml files, specify these files at the command line using the **/i** option. Because the **ScanState** and **LoadState** tools need the .xml files to control the migration, specify the same set of .xml files for both the **ScanState** and **LoadState** commands. However, you do not have to specify the Config.xml file with the **/config** option, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store but not to the destination computer. To do this, modify the Config.xml file and specify the updated file with the **LoadState** command. Then the **LoadState** command will migrate only the files and settings that you want to migrate. +If you leave out an .xml file from the `LoadState.exe` command, all of the data in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified with the `ScanState.exe` command won't apply. For example, if you leave out an .xml file, and it contains a rerouting rule such as: -If you leave out an .xml file from the **LoadState** command, all of the data in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified with the **ScanState** command will not apply. For example, if you leave out an .xml file, and it contains a rerouting rule such as: `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files, and they will be migrated to C:\\data. +`MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")` + +USMT won't reroute the files, and they'll be migrated to `C:\data`. To modify the migration, do one or more of the following. -- **Modify the migration .xml files.** If you want to exclude a portion of a component—for example, you want to migrate C:\\ but exclude all of the .mp3 files—or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want **ScanState** and **LoadState** to use these files, specify them at the command line when each command is entered. +- **Modify the migration .xml files.** If you want to exclude a portion of a component—for example, you want to migrate C:\\ but exclude all of the .mp3 files—or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want ScanState and LoadState to use these files, specify them at the command line when each command is entered. -- **Create a custom .xml file.** You can also create a custom .xml file to migrate settings for another application, or to change the migration behavior to suit your needs. For **ScanState** and **LoadState** to use this file, specify them on both command lines. +- **Create a custom .xml file.** You can also create a custom .xml file to migrate settings for another application, or to change the migration behavior to suit your needs. For ScanState and LoadState to use this file, specify them on both command lines. -- **Create and modify a Config.xml file.** Do this if you want to exclude an entire component from the migration. For example, you can use a Config.xml file to exclude the entire My Documents folder, or exclude the settings for an application. Excluding components using a Config.xml file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. In addition, using a Config.xml file is the only way to exclude the operating system settings from being migrated. +- **Create and modify a Config.xml file.** Create and modify a `Config.xml` file if you want to exclude an entire component from the migration. For example, you can use a `Config.xml` file to exclude the entire My Documents folder, or exclude the settings for an application. Excluding components using a `Config.xml` file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. In addition, using a `Config.xml` file is the only way to exclude the operating system settings from being migrated. -For more information about excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. +For more information about excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) article. ## Migration .xml Files +This section describes the migration .xml files that are included with USMT. Each file contains migration rules that control which components are migrated and where they're migrated to on the destination computer. -This section describes the migration .xml files that are included with USMT. Each file contains migration rules that control which components are migrated and where they are migrated to on the destination computer. +> [!Note] +> You can use the asterisk (\*) wildcard character in each of these files. However, you cannot use a question mark (?) as a wildcard character. -**Note**   -You can use the asterisk (\*) wildcard character in each of these files. However, you cannot use a question mark (?) as a wildcard character. +- **The MigApp.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate application settings. - +- **The MigDocs.xml file.** Specify this file with both the ScanState and LoadState tools to migrate all user folders and files that are found by the **MigXmlHelper.GenerateDocPatterns** helper function. This helper function finds user data that resides on the root of any drive and in the Users directory. However, it doesn't find and migrate any application data, program files, or any files in the Windows directory. You can modify the `MigDocs.xml` file. -- **The MigApp.xml file.** Specify this file with both the **ScanState** and **LoadState** commands to migrate application settings. +- **The MigUser.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate user folders, files, and file types. You can modify the `MigUser.xml` file. This file doesn't contain rules that migrate specific user accounts. The only way to specify which user accounts to migrate is on the command line using the ScanState and the LoadState user options. -- **The MigDocs.xml file.** Specify this file with both the **ScanState** and **LoadState** tools to migrate all user folders and files that are found by the **MigXmlHelper.GenerateDocPatterns** helper function. This helper function finds user data that resides on the root of any drive and in the Users directory. However, it does not find and migrate any application data, program files, or any files in the Windows directory. You can modify the MigDocs.xml file. - -- **The MigUser.xml file.** Specify this file with both the **ScanState** and **LoadState** commands to migrate user folders, files, and file types. You can modify the MigUser.xml file. This file does not contain rules that migrate specific user accounts. The only way to specify which user accounts to migrate is on the command line using the **ScanState** and the **LoadState** user options. - - **Note**   - Do not use the MigUser.xml and MigDocs.xml files together. For more information, see the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) and [USMT Best Practices](usmt-best-practices.md) topics. - - +> [!Note] +> Don't use the `MigUser.xml` and `MigDocs.xml` files together. For more information, see the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) and [USMT Best Practices](usmt-best-practices.md) articles. ## Custom .xml Files - -You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want **ScanState** and **LoadState** to use this file, specify it with both commands. For more information, see the How to Create a Custom .xml File topic. +You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want `ScanState.exe` and `LoadState.exe` to use this file, specify it with both commands. For more information, see the [Custom XML Examples](usmt-custom-xml-examples.md) article. ## The Config.xml File +The `Config.xml` file is an optional file that you create using the `/genconfig` option with the `ScanState.exe` command. You should create and modify this file if you want to exclude certain components from the migration. In addition, you must create and modify this file if you want to exclude any of the operating system settings from being migrated. The `Config.xml` file format is different from the migration .xml files because it doesn't contain any migration rules. It contains only a list of the operating system components, applications, and the user documents that can be migrated. For an example, see the [Config.xml File](usmt-configxml-file.md) article. For this reason, excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in a `Config.xml` file. -The Config.xml file is an optional file that you create using the **/genconfig** option with the **ScanState** command. You should create and modify this file if you want to exclude certain components from the migration. In addition, you must create and modify this file if you want to exclude any of the operating system settings from being migrated. The Config.xml file format is different from that of the migration .xml files because it does not contain any migration rules. It contains only a list of the operating system components, applications, and the user documents that can be migrated. For an example, see the [Config.xml File](usmt-configxml-file.md) topic. For this reason, excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. However, you cannot use wildcard characters in a Config.xml file. +If you want to include all of the default components, you don't need to create the `Config.xml` file. Alternatively, if you're satisfied with the default migration behavior defined in the `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml` files, and you want to exclude only some components, you can create and modify a `Config.xml` file and leave the other .xml files in their original state. -If you want to include all of the default components, you do not need to create the Config.xml file. Alternatively, if you are satisfied with the default migration behavior defined in the MigApp.xml, MigDocs.xml, and MigUser.xml files, and you want to exclude only some components, you can create and modify a Config.xml file and leave the other .xml files in their original state. +When you run the `ScanState.exe` command with the `/genconfig` option, `ScanState.exe` reads the other .xml files that you specify using the `/i` option to create a custom list of components that can be migrated from the computer. This file will contain only operating system components, applications, and the user document sections that are in both of the .xml files and that are installed on the computer when you run the `ScanState.exe` command with the `/genconfig` option. Therefore, you should create this file on a source computer that contains all of the components, applications, and settings that will be present on the destination computers. Creating the file on the source computer will ensure that this file contains every component that can be migrated. The components are organized into sections: <Applications>, <WindowsComponents>, and <Documents>. To choose not to migrate a component, change its entry to `migrate="no"`. -When you run the **ScanState** command with the **/genconfig** option, **ScanState** reads the other .xml files that you specify using the **/i** option to create a custom list of components that can be migrated from the computer. This file will contain only operating system components, applications, and the user document sections that are in both of the .xml files and that are installed on the computer when you run the **ScanState** command with the **/genconfig** option. Therefore, you should create this file on a source computer that contains all of the components, applications, and settings that will be present on the destination computers. This will ensure that this file contains every component that can be migrated. The components are organized into sections: <Applications>, <WindowsComponents>, and <Documents>. To choose not to migrate a component, change its entry to `migrate="no"`. +After you create this file, you need to specify it only with the `ScanState.exe` command using the `/Config` option for it to affect the migration. However, if you want to exclude additional data that you migrated to the store, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. For example, if you collected the My Documents folder in the store, but you decide that you don't want to migrate the My Documents folder to a destination computer, you can modify the `Config.xml` file to indicate `migrate="no"` before you run the `LoadState.exe` command, and the file won't be migrated. For more information about the precedence that takes place when excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) article. -After you create this file, you need to specify it only with the **ScanState** command using the **/Config** option for it to affect the migration. However, if you want to exclude additional data that you migrated to the store, modify the Config.xml file and specify the updated file with the **LoadState** command. For example, if you collected the My Documents folder in the store, but you decide that you do not want to migrate the My Documents folder to a destination computer, you can modify the Config.xml file to indicate `migrate="no"` before you run the **LoadState** command, and the file will not be migrated. For more information about the precedence that takes place when excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. +In addition, note the following functionality with the `Config.xml` file: -In addition, note the following functionality with the Config.xml file: - -- If a parent component is removed from the migration in the Config.xml file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`. +- If a parent component is removed from the migration in the `Config.xml` file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`. - If you mistakenly have two lines of code for the same component where one line specifies `migrate="no"` and the other line specifies `migrate="yes"`, the component will be migrated. -- In USMT there are several migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. For more information, see the [Config.xml File](usmt-configxml-file.md) topic. +- In USMT, there are several migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. For more information, see the [Config.xml File](usmt-configxml-file.md) article. -**Note**   -To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. - - +> [!Note] +> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. ### Examples -- The following command creates a Config.xml file in the current directory, but it does not create a store: +- The following command creates a `Config.xml` file in the current directory, but it doesn't create a store: `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:5` -- The following command creates an encrypted store using the Config.xml file and the default migration .xml files: +- The following command creates an encrypted store using the `Config.xml` file and the default migration .xml files: `scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:5 /encrypt /key:"mykey"` @@ -115,22 +107,12 @@ To exclude a component from the Config.xml file, set the **migrate** value to ** - For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). -- For more information about each .xml element, see the [XML Elements Library](usmt-xml-elements-library.md) topic. +- For more information about each .xml element, see the [XML Elements Library](usmt-xml-elements-library.md) article. -- For answers to common questions, see ".xml files" in the [Frequently Asked Questions](usmt-faq.yml) topic. - -## Related topics +- For answers to common questions, see ".xml files" in the [Frequently Asked Questions](usmt-faq.yml) article. +## Related articles [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) -[USMT Resources](usmt-resources.md) - - - - - - - - - +[USMT Resources](usmt-resources.md) \ No newline at end of file diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 571b2e6ed8..3c8c9cd5a6 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -1,6 +1,6 @@ --- title: Determine What to Migrate (Windows 10) -description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0. +description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,11 +13,19 @@ ms.technology: itpro-deploy # Determine What to Migrate -By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. +By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. However, when considering what settings to migrate, you should also consider what settings you would like the user to be able to configure, if any, and what settings you would like to standardize. Many organizations use their migration as an opportunity to create and begin enforcing a better-managed environment. Some of the settings that users can configure on unmanaged computers prior to the migration can be locked on the new, managed computers. For example, standard wallpaper, Internet Explorer security settings, and desktop configuration are some of the items you can choose to standardize. -To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. This means selecting a baseline for all computers, including standard hardware drivers; core operating system features; core productivity applications, especially if they are under volume licensing; and core utilities. This environment should also include a standard set of security features, as outlined in the organization’s corporate policy. Using a standard operating environment can vastly simplify the migration and reduce overall deployment challenges. +To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. Creating an SOE means selecting: + +- A baseline for all computers, including standard hardware drivers +- Core operating system features +- Core productivity applications, especially if they are under volume licensing +- Core utilities. +- A standard set of security features, as outlined in the organization's corporate policy + +Using an SOE can vastly simplify the migration and reduce overall deployment challenges. ## In This Section @@ -28,6 +36,6 @@ To reduce complexity and increase standardization, your organization should cons |[Identify Operating System Settings](usmt-identify-operating-system-settings.md)|Use migration to create a new standard environment on each of the destination computers.| |[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)|Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.| -## Related topics +## Related articles [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) From db6fcb013947a235db2cdd988fcb7a149e7e7c14 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Wed, 2 Nov 2022 00:53:32 -0400 Subject: [PATCH 007/108] Metadata update deployment/usmt 5 --- ...rted-with-the-user-state-migration-tool.md | 53 ++--- .../usmt/migrate-application-settings.md | 70 ++++--- .../usmt/migration-store-types-overview.md | 10 +- .../usmt/offline-migration-reference.md | 48 ++--- .../usmt/understanding-migration-xml-files.md | 184 +++++++++--------- .../deployment/usmt/usmt-best-practices.md | 52 ++--- .../usmt/usmt-choose-migration-store-type.md | 2 +- windows/deployment/usmt/usmt-common-issues.md | 73 +++---- .../usmt/usmt-common-migration-scenarios.md | 21 +- .../deployment/usmt/usmt-configxml-file.md | 78 ++++---- .../usmt/usmt-conflicts-and-precedence.md | 78 ++++---- .../usmt/usmt-custom-xml-examples.md | 12 +- .../usmt/usmt-customize-xml-files.md | 45 +++-- 13 files changed, 363 insertions(+), 363 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 21d4d8c1a0..8eced69283 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -11,79 +11,80 @@ ms.technology: itpro-deploy ms.date: 11/01/2022 --- -# Getting Started with the User State Migration Tool (USMT) +# Getting started with the User State Migration Tool (USMT) + This article outlines the general process that you should follow to migrate files and settings. ## In this topic -- [Step 1: Plan Your Migration](#step-1-plan-your-migration) +- [Step 1: Plan Your Migration](#step-1-plan-your-migration) -- [Step 2: Collect files and settings from the source computer](#step-2-collect-files-and-settings-from-the-source-computer) +- [Step 2: Collect files and settings from the source computer](#step-2-collect-files-and-settings-from-the-source-computer) -- [Step 3: Prepare the destination computer and restore files and settings](#step-3-prepare-the-destination-computer-and-restore-files-and-settings) +- [Step 3: Prepare the destination computer and restore files and settings](#step-3-prepare-the-destination-computer-and-restore-files-and-settings) ## Step 1: Plan your migration -1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). +1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). -2. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. +2. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. -3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). +3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). -4. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) +4. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) -5. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. +5. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. - > [!Important] + > [!IMPORTANT] > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). -6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: +6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: `scanstate.exe /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scanstate.log` -7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate. +7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate. ## Step 2: Collect files and settings from the source computer -1. Back up the source computer. +1. Back up the source computer. -2. Close all applications. If some applications are running when you run the `Scanstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft® Office Outlook® is open, USMT might not migrate PST files. +2. Close all applications. If some applications are running when you run the `Scanstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft® Office Outlook® is open, USMT might not migrate PST files. - > [!Note] + > [!NOTE] > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. -3. Run the `Scanstate.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `Scanstate.exe` command to use. For example, +3. Run the `Scanstate.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `Scanstate.exe` command to use. For example, `scanstate.exe \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log` - > [!Note] + > [!NOTE] > If the source computer is running Windows 7, or Windows 8, you must run the `Scanstate.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `Scanstate.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). -4. Run the `USMTUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. +4. Run the `USMTUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. ## Step 3: Prepare the destination computer and restore files and settings -1. Install the operating system on the destination computer. +1. Install the operating system on the destination computer. -2. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. +2. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. - > [!Note] + > [!NOTE] > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft® Office, which USMT can migrate from an older version to a newer version. -3. Close all applications. If some applications are running when you run the `Loadstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. +3. Close all applications. If some applications are running when you run the `Loadstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. - > [!Note] + > [!NOTE] > Use `/C` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. -4. Run the `Loadstate.exe` command on the destination computer. Specify the same set of .xml files that you specified when you used the `Scanstate.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `Loadstate.exe` command. Then, the `Loadstate.exe` command will migrate only the files and settings that you want to migrate. For more information about how the `Loadstate.exe` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). +4. Run the `Loadstate.exe` command on the destination computer. Specify the same set of .xml files that you specified when you used the `Scanstate.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `Loadstate.exe` command. Then, the `Loadstate.exe` command will migrate only the files and settings that you want to migrate. For more information about how the `Loadstate.exe` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). For example, the following command migrates the files and settings: `loadstate.exe \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` - > [!Note] + > [!NOTE] > Run the `Loadstate.exe` command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. -5. Sign out after you run the `Loadstate.exe` command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. +5. Sign out after you run the `Loadstate.exe` command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 96de07fa10..fe13dd7b36 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -21,29 +21,29 @@ This article doesn't contain information about how to migrate applications that ## In this topic -- [Before You Begin](#bkmk-beforebegin) +- [Before You Begin](#bkmk-beforebegin) -- [Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer](#bkmk-step1). +- [Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer](#bkmk-step1). -- [Step 2: Identify settings to collect and determine where each setting is stored on the computer](#bkmk-step2). +- [Step 2: Identify settings to collect and determine where each setting is stored on the computer](#bkmk-step2). -- [Step 3: Identify how to apply the gathered settings](#bkmk-step3). +- [Step 3: Identify how to apply the gathered settings](#bkmk-step3). -- [Step 4: Create the migration XML component for the application](#bkmk-step4). +- [Step 4: Create the migration XML component for the application](#bkmk-step4). -- [Step 5: Test the application settings migration](#bkmk-step5). +- [Step 5: Test the application settings migration](#bkmk-step5). -## Before You Begin +## Before You Begin You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. -## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer. +## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, you probably don't want USMT to spend time searching for the application's settings. More importantly, if USMT collects settings for an application that isn't installed, it may migrate settings that will cause the destination computer to function incorrectly. You should also investigate whether there's more than one version of the application because the new version may not store the settings in the same place. Mismatched application versions may lead to unexpected results on the destination computer. There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It's important that you check for both of these items, because sometimes different versions of the same application share the same uninstall key. So even if the key is there, it may not correspond to the version of the application that you want. -### Check the registry for an application uninstall key. +### Check the registry for an application uninstall key When many applications are installed (especially those installed using the Microsoft® Windows® Installer technology), an application uninstall key is created under: @@ -61,47 +61,45 @@ Usually, you can find this key by searching under for the name of the application, the name of the application executable file, or for the name of the company that makes the application. You can use the Registry Editor, `Regedit.exe` located in the `%SystemRoot%`, to search the registry. -### Check the file system for the application executable file. +### Check the file system for the application executable file You should also check the application binaries for the executable that installed the application. To check for application binaries, you'll first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you've determined the path to the application executable, you can use the `DoesFileVersionMatch` helper function to check for the correct version of the application executable. For an example of how to use the `DoesFileVersionMatch` helper function, see the Windows Live™ Messenger section of the `MigApp.xml` file. -## Step 2: Identify settings to collect and determine where each setting is stored on the computer. +## Step 2: Identify settings to collect and determine where each setting is stored on the computer Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you don't want to migrate. To determine where each setting is stored, you'll need to change each setting and monitor the activity on the registry and the file system. You don't need to migrate the binary files and registry settings that are made when the application is installed because you'll need to reinstall the application onto the destination computer. You only need to migrate those settings that are customizable. -### +### How to determine where each setting is stored -**How To Determine Where Each Setting is Stored** +1. Download a file and registry monitoring tool, such as the Regmon and Filemon tools, from the [Windows Sysinternals Web site](/sysinternals/). -1. Download a file and registry monitoring tool, such as the Regmon and Filemon tools, from the [Windows Sysinternals Web site](/sysinternals/). +2. Shut down as many applications as possible to limit the registry and file system activity on the computer. -2. Shut down as many applications as possible to limit the registry and file system activity on the computer. +3. Filter the output of the tools so it only displays changes being made by the application. -3. Filter the output of the tools so it only displays changes being made by the application. - - > [!Note] + > [!NOTE] > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the `%UserProfile%` directory, and the settings stored in the registry are under the `HKEY_CURRENT_USER` hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. -4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you're changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically won't take effect until you close the dialog box by clicking **OK**. +4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you're changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically won't take effect until you close the dialog box by clicking **OK**. -5. When the setting is changed, note the changes to the file system and registry. There may be more than one file or registry values for each setting. You should identify the minimal set of file and registry changes that are required to change this setting. This set of files and registry keys is what you will need to migrate in order to migrate the setting. +5. When the setting is changed, note the changes to the file system and registry. There may be more than one file or registry values for each setting. You should identify the minimal set of file and registry changes that are required to change this setting. This set of files and registry keys is what you will need to migrate in order to migrate the setting. - > [!Note] + > [!NOTE] > Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. -## Step 3: Identify how to apply the gathered settings. +## Step 3: Identify how to apply the gathered settings If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the `C:\Documents and Settings\User1\My Documents` folder and the profile directory on the destination computer is located at `D:\Users\User1`, then USMT will automatically migrate the file to `D:\Users\User1\My Documents`. However, you may need to modify the location of some settings in the following three cases: -### Case 1: The version of the application on the destination computer is newer than the one on the source computer. +### Case 1: The version of the application on the destination computer is newer than the one on the source computer In this case, the newer version of the application may be able to read the settings from the source computer without modification. That is, the data collected from an older version of the application is sometimes compatible with the newer version of the application. However, you may need to modify the setting location if either of the following conditions is true: -- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. Some applications import settings automatically after settings are migrated. However, other applications will only do import settings if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer doesn't contain this set of files and registry keys so the mapping doesn't occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. +- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. Some applications import settings automatically after settings are migrated. However, other applications will only do import settings if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer doesn't contain this set of files and registry keys so the mapping doesn't occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. - To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How To determine where each setting is stored](#bkmkdetermine). Once you know the set of files that the computer needs, you can use the **<addObjects>** element to add them to the destination computer. + To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). Once you know the set of files that the computer needs, you can use the **<addObjects>** element to add them to the destination computer. -- [The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.](#bkmkdetermine) In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How To determine where each setting is stored](#bkmkdetermine). After you've created the mapping, apply the settings to the new location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. +- **The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.** In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). After you've created the mapping, apply the settings to the new location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. ### Case 2: The destination computer already contains settings for the application. @@ -115,29 +113,29 @@ We recommend that you migrate the settings after you install the application, bu After you have completed steps 1 through 3, you'll need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the `MigApp.xml` file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. - > [!Note] + > [!NOTE] > We recommend that you create a separate .xml file instead of adding your script to the `MigApp.xml` file. This is because the `MigApp.xml` file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the `MigApp.xml` file will be overwritten by the default version of the file and you will lose your customized version. -> [!Important] +> [!IMPORTANT] > Some applications store information in the user profile that should not be migrated (for example, application installation paths, the computer name, and so on). You should make sure to exclude these files and registry keys from the migration. Your script should do the following actions: -1. Check whether the application and correct version is installed by: +1. Check whether the application and correct version is installed by: - - Searching for the installation uninstall key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` using the `DoesObjectExist` helper function. + - Searching for the installation uninstall key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` using the `DoesObjectExist` helper function. - - Checking for the correct version of the application executable file using the `DoesFileVersionMatch` helper function. + - Checking for the correct version of the application executable file using the `DoesFileVersionMatch` helper function. -2. If the correct version of the application is installed, then ensure that each setting is migrated to the appropriate location on the destination computer. +2. If the correct version of the application is installed, then ensure that each setting is migrated to the appropriate location on the destination computer. - - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the **<include>** and **<exclude>** elements. + - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the **<include>** and **<exclude>** elements. - - If the version of the application on the destination computer is newer than the one on the source computer, and the application can't import the settings, your script should either: + - If the version of the application on the destination computer is newer than the one on the source computer, and the application can't import the settings, your script should either: 1. Add the set of files that trigger the import using the **<addObjects>** element 2. Create a mapping that applies the old settings to the correct location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. - - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the **<destinationCleanup>** element. + - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the **<destinationCleanup>** element. For information about the .xml elements and helper functions, see [XML Elements Library](usmt-xml-elements-library.md). @@ -155,4 +153,4 @@ To speed up the time it takes to collect and migrate the data, you can migrate o [XML Elements Library](usmt-xml-elements-library.md) -[Log Files](usmt-log-files.md) \ No newline at end of file +[Log Files](usmt-log-files.md) diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 408d785e78..2f6c6b1b79 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -23,7 +23,7 @@ When planning your migration, you should determine which migration store type be [The /localonly Command-Line Option](#bkmk-localonly) -## Migration Store Types +## Migration Store Types This section describes the three migration store types available in USMT. @@ -45,19 +45,19 @@ The following flowchart illustrates the procedural differences between a local m ![migration store comparison.](images/dep-win8-l-usmt-migrationcomparemigstores.gif) -## Local Store vs. Remote Store +## Local Store vs. Remote Store If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share `C:\store` on the destination computer. Then run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store`. Then, run the `Loadstate.exe` command on the destination computer and specify `C:\Store` as the store location. By doing this process, you don't need to save the files to a server. -> [!Important] +> [!IMPORTANT] > If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. -### The /localonly Command-Line Option +### The /localonly Command-Line Option You should use this option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify `/LocalOnly`, see [ScanState Syntax](usmt-scanstate-syntax.md). ## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) \ No newline at end of file +[Plan Your Migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index e0ec4d4ad1..a32631093a 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -15,51 +15,51 @@ ms.technology: itpro-deploy Offline migration enables the ScanState tool to run inside a different Windows® operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: -- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. +- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. -- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. +- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: -- **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. +- **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. -- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. Running USMT in WinPE may increase performance on older machines with limited hardware resources and numerous installed software applications. +- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. Running USMT in WinPE may increase performance on older machines with limited hardware resources and numerous installed software applications. -- **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. +- **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. ## In this topic -- [What Will Migrate Offline?](#bkmk-whatwillmigrate) +- [What Will Migrate Offline?](#bkmk-whatwillmigrate) -- [What Offline Environments are Supported?](#bkmk-offlineenvironments) +- [What Offline Environments are Supported?](#bkmk-offlineenvironments) -- [User-Group Membership and Profile Control](#bkmk-usergroupmembership) +- [User-Group Membership and Profile Control](#bkmk-usergroupmembership) -- [Command-Line Options](#bkmk-commandlineoptions) +- [Command-Line Options](#bkmk-commandlineoptions) -- [Environment Variables](#bkmk-environmentvariables) +- [Environment Variables](#bkmk-environmentvariables) -- [Offline.xml Elements](#bkmk-offlinexml) +- [Offline.xml Elements](#bkmk-offlinexml) -## What Will Migrate Offline? +## What Will Migrate Offline? The following user data and settings migrate offline, similar to an online migration: -- Data and registry keys specified in MigXML +- Data and registry keys specified in MigXML -- User accounts +- User accounts -- Application settings +- Application settings -- Limited set of operating-system settings +- Limited set of operating-system settings -- EFS files +- EFS files -- Internet Explorer® Favorites +- Internet Explorer® Favorites For exceptions to what you can migrate offline, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) -## What Offline Environments are Supported? +## What Offline Environments are Supported? The following table defines the supported combination of online and offline operating systems in USMT. @@ -68,10 +68,10 @@ The following table defines the supported combination of online and offline oper |WinPE 5.0 or greater, with the MSXML library|Windows 7, Windows 8, Windows 10| |Windows 7, Windows 8, Windows 10|Windows.old directory| -> [!Note] +> [!NOTE] > It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). -## User-Group Membership and Profile Control +## User-Group Membership and Profile Control User-group membership isn't preserved during offline migrations. You must configure a **<ProfileControl>** section in the `Config.xml` file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: @@ -93,7 +93,7 @@ User-group membership isn't preserved during offline migrations. You must config For information about the format of a `Config.xml` file, see [Config.xml File](usmt-configxml-file.md). -## Command-Line Options +## Command-Line Options An offline migration can either be enabled by using a configuration file on the command line, or by using one of the following command line options: @@ -105,7 +105,7 @@ An offline migration can either be enabled by using a configuration file on the You can use only one of the `/offline`, `/offlineWinDir`, or `/OfflineWinOld` command-line options at a time. USMT doesn't support using more than one together. -## Environment Variables +## Environment Variables The following system environment variables are necessary in the scenarios outlined below. @@ -173,4 +173,4 @@ The following XML example illustrates some of the elements discussed earlier in ## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) \ No newline at end of file +[Plan Your Migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 9d0c7dd33b..18fed52688 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -43,7 +43,7 @@ This article provides an overview of the default and custom migration XML files [Next Steps](#bkmk-next) -## Overview of the Config.xml file +## Overview of the Config.xml file The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The `Config.xml` file can be used with other XML files, such as in the following example: @@ -54,133 +54,133 @@ When used this way, the `Config.xml` file tightly controls aspects of the migrat > [!NOTE] > When modifying the XML elements in the `Config.xml` file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. -## Overview of the MigApp.xml file +## Overview of the MigApp.xml file The `MigApp.xml` file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the `MigApp.xml` file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The `MigDocs.xml` and `MigUser.xml` files don't migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). -> [!Important] +> [!IMPORTANT] > The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see the [Sample migration rules for customized versions of XML files](#bkmk-samples). -## Overview of the MigDocs.xml file +## Overview of the MigDocs.xml file The `MigDocs.xml` file uses the new `GenerateDocPatterns` helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the `MigDocs.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The default `MigDocs.xml` file migrates the following data: -- All files on the root of the drive except %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA%, or %USERS%. +- All files on the root of the drive except `%WINDIR%`, `%PROGRAMFILES%`, `%PROGRAMDATA%`, or `%USERS%`. -- All folders in the root directory of all fixed drives. For example: c:\\data\_mail\\\*\[\*\] +- All folders in the root directory of all fixed drives. For example: `c:\data_mail\*[*]` -- All files from the root of the Profiles folder, except for files in the system profile. For example: c:\\users\\name\[mail.pst\] +- All files from the root of the Profiles folder, except for files in the system profile. For example: `c:\users\name[mail.pst]` -- All folders from the root of the Profiles folder, except for the system-profile folders. For example: c:\\users\\name\\new folder\\\*\[\*\] +- All folders from the root of the Profiles folder, except for the system-profile folders. For example: `c:\users\name\new folder\*[*]` -- Standard shared folders: +- Standard shared folders: - - CSIDL\_COMMON\_DESKTOPDIRECTORY + - CSIDL\_COMMON\_DESKTOPDIRECTORY - - CSIDL\_COMMON\_FAVORITES + - CSIDL\_COMMON\_FAVORITES - - CSIDL\_COMMON\_DOCUMENTS + - CSIDL\_COMMON\_DOCUMENTS - - CSIDL\_COMMON\_MUSIC + - CSIDL\_COMMON\_MUSIC - - CSIDL\_COMMON\_PICTURES + - CSIDL\_COMMON\_PICTURES - - CSIDL\_COMMON\_VIDEO + - CSIDL\_COMMON\_VIDEO - - FOLDERID\_PublicDownloads + - FOLDERID\_PublicDownloads -- Standard user-profile folders for each user: +- Standard user-profile folders for each user: - - CSIDL\_MYDOCUMENTS + - CSIDL\_MYDOCUMENTS - - CSIDL\_MYPICTURES + - CSIDL\_MYPICTURES - - FOLDERID\_OriginalImages + - FOLDERID\_OriginalImages - - CSIDL\_MYMUSIC + - CSIDL\_MYMUSIC - - CSIDL\_MYVIDEO + - CSIDL\_MYVIDEO - - CSIDL\_FAVORITES + - CSIDL\_FAVORITES - - CSIDL\_DESKTOP + - CSIDL\_DESKTOP - - CSIDL\_QUICKLAUNCH + - CSIDL\_QUICKLAUNCH - - FOLDERID\_Contacts + - FOLDERID\_Contacts - - FOLDERID\_Libraries + - FOLDERID\_Libraries - - FOLDERID\_Downloads + - FOLDERID\_Downloads - - FOLDERID\_SavedGames + - FOLDERID\_SavedGames - - FOLDERID\_RecordedTV + - FOLDERID\_RecordedTV The default `MigDocs.xml` file won't migrate the following data: -- Files tagged with both the **hidden** and **system** attributes. +- Files tagged with both the **hidden** and **system** attributes. -- Files and folders on removable drives. +- Files and folders on removable drives. -- Data from the %WINDIR%, %PROGRAMDATA%, and %PROGRAMFILES% folders. +- Data from the %WINDIR%, %PROGRAMDATA%, and %PROGRAMFILES% folders. -- Folders that contain installed applications. +- Folders that contain installed applications. You can also use the `/genmigxml` option with the ScanState tool to review and modify what files will be migrated. -## Overview of the MigUser.xml file +## Overview of the MigUser.xml file The `MigUser.xml` file includes instructions for USMT to migrate user files based on file name extensions. You can use the `MigUser.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The `MigUser.xml` file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. The default `MigUser.xml` file migrates the following data: -- All files from the standard user-profile folders, which are described as: +- All files from the standard user-profile folders, which are described as: - - CSIDL\_MYVIDEO + - CSIDL\_MYVIDEO - - CSIDL\_MYMUSIC + - CSIDL\_MYMUSIC - - CSIDL\_DESKTOP + - CSIDL\_DESKTOP - - CSIDL\_STARTMENU + - CSIDL\_STARTMENU - - CSIDL\_PERSONAL + - CSIDL\_PERSONAL - - CSIDL\_MYPICTURES + - CSIDL\_MYPICTURES - - CSIDL\_FAVORITES + - CSIDL\_FAVORITES - - CSIDL\_QUICK LAUNCH + - CSIDL\_QUICK LAUNCH -- Files with the following extensions: +- Files with the following extensions: `.qdf`, `.qsd`, `.qel`, `.qph`, `.doc*`, `.dot*`, `.rtf`, `.mcw`, `.wps`, `.scd`, `.wri`, `.wpd`, `.xl*`, `.csv`, `.iqy`, `.dqy`, `.oqy`, `.rqy`, `.wk*`, `.wq1`, `.slk`, `.dif`, `.ppt*`, `.pps*`, `.pot*`, `.sh3`, `.ch3`, `.pre`, `.ppa`, `.txt`, `.pst`, `.one*`, `.vl*`, `.vsd`, `.mpp`, `.or6`, `.accdb`, `.mdb`, `.pub` The default `MigUser.xml` file doesn't migrate the following data: -- Files tagged with both the **hidden** and **system** attributes. +- Files tagged with both the **hidden** and **system** attributes. -- Files and folders on removable drives, +- Files and folders on removable drives, -- Data from the %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA% folders. +- Data from the %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA% folders. -- ACLS for files in folders outside the user profile. +- ACLS for files in folders outside the user profile. You can make a copy of the `MigUser.xml` file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the `MigUser.xml` file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. > [!NOTE] > Each file name extension you include in the rules within the `MigUser.xml` file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. -## Using multiple XML files +## Using multiple XML files You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with more migration rules. |XML migration file|Modifies the following components:| |--- |--- | -|Config.xml file|Operating-system components such as desktop wallpaper and background theme.
You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| +|Config.xml file|Operating-system components such as desktop wallpaper and background theme.
You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| |MigApps.xml file|Applications settings.| |MigUser.xml or `MigDocs.xml` files|User files and profile settings.| |Custom XML files|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| @@ -191,7 +191,7 @@ For example, you can use all of the XML migration file types for a single migrat Scanstate.exe /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml ``` -### XML rules for migrating user files +### XML rules for migrating user files > [!IMPORTANT] > You should not use the `MigUser.xml` and `MigDocs.xml` files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. @@ -200,7 +200,7 @@ If your data set is unknown or if many files are stored outside of the standard If you want more control over the migration, you can create custom XML files. See the [Creating and editing a custom ,xml file](#bkmk-createxml) section of this document. -## Creating and editing a custom XML file +## Creating and editing a custom XML file You can use the `/genmigxml` command-line option to determine which files will be included in your migration. The `/genmigxml` option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. @@ -209,13 +209,13 @@ You can use the `/genmigxml` command-line option to determine which files will b To generate the XML migration rules file for a source computer: -1. Select **Start** > **All Programs** > **Accessories** - -2. Right-click **Command Prompt**, and then select **Run as**. +1. Select **Start** > **All Programs** > **Accessories** -3. Select an account with administrator privileges, supply a password, and then select **OK**. +2. Right-click **Command Prompt**, and then select **Run as**. -4. At the command prompt, type: +3. Select an account with administrator privileges, supply a password, and then select **OK**. + +4. At the command prompt, type: ```console cd /d @@ -229,7 +229,7 @@ To generate the XML migration rules file for a source computer: scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" ``` -### The GenerateDocPatterns function +### The GenerateDocPatterns function The `MigDocs.xml` file calls the `GenerateDocPatterns` function, which takes three Boolean values. You can change the settings to modify the way the `MigDocs.xml` file generates the XML rules for migration. @@ -287,67 +287,67 @@ To create exclude data patterns: ``` -### Understanding the system and user context +### Understanding the system and user context The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that aren't stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. -**System context** +#### System context The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: -- CSIDL\_COMMON\_DESKTOPDIRECTORY +- CSIDL\_COMMON\_DESKTOPDIRECTORY -- CSIDL\_COMMON\_FAVORITES +- CSIDL\_COMMON\_FAVORITES -- CSIDL\_COMMON\_DOCUMENTS +- CSIDL\_COMMON\_DOCUMENTS -- CSIDL\_COMMON\_MUSIC +- CSIDL\_COMMON\_MUSIC -- CSIDL\_COMMON\_PICTURES +- CSIDL\_COMMON\_PICTURES -- CSIDL\_COMMON\_VIDEO +- CSIDL\_COMMON\_VIDEO -- FOLDERID\_PublicDownloads +- FOLDERID\_PublicDownloads -**User context** +#### User context The user context includes rules for data in the User Profiles directory. When called in a user context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: -- CSIDL\_MYDOCUMENTS +- CSIDL\_MYDOCUMENTS -- CSIDL\_MYPICTURES +- CSIDL\_MYPICTURES -- FOLDERID\_OriginalImages +- FOLDERID\_OriginalImages -- CSIDL\_MYMUSIC +- CSIDL\_MYMUSIC -- CSIDL\_MYVIDEO +- CSIDL\_MYVIDEO -- CSIDL\_FAVORITES +- CSIDL\_FAVORITES -- CSIDL\_DESKTOP +- CSIDL\_DESKTOP -- CSIDL\_QUICKLAUNCH +- CSIDL\_QUICKLAUNCH -- FOLDERID\_Contacts +- FOLDERID\_Contacts -- FOLDERID\_Libraries +- FOLDERID\_Libraries -- FOLDERID\_Downloads +- FOLDERID\_Downloads -- FOLDERID\_SavedGames +- FOLDERID\_SavedGames -- FOLDERID\_RecordedTV +- FOLDERID\_RecordedTV > [!NOTE] > Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the `MigDocs.xml` files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. - ### Sample migration rules for customized versions of XML files +### Sample migration rules for customized versions of XML files > [!NOTE] > For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). -### Exclude rules usage examples +### Exclude rules usage examples In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default `MigDocs.xml` behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: @@ -358,7 +358,7 @@ In the examples below, the source computer has a .txt file called "new text docu To exclude the new text document.txt file and any .txt files in "new folder", you can do the following modification: -**Example 1: Exclude all .txt files in a folder** +#### Example 1: Exclude all .txt files in a folder To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension. @@ -371,7 +371,7 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f ``` -**Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules** +#### Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules If you don't know the file name or location of the file, but you do know the file name extension, you can use the `GenerateDrivePatterns` function. However, the rule will be less specific than the default include rule generated by the `MigDocs.xml` file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). @@ -383,9 +383,9 @@ If you don't know the file name or location of the file, but you do know the fil ``` -**Example 3 : Use a UserandSystem context component to run rules in both contexts** +#### Example 3 : Use a UserandSystem context component to run rules in both contexts -If you want the <UnconditionalExclude> element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts. +If you want the **<UnconditionalExclude>** element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts. ``` xml @@ -404,11 +404,11 @@ If you want the <UnconditionalExclude> element to apply to both the system For more examples of exclude rules that you can use in custom migration XML files, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md). -### Include rules usage examples +### Include rules usage examples The application data directory is the most common location that you would need to add an include rule for. The `GenerateDocPatterns` function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The `MigApp.xml` file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that aren't linked, you can do the following modification: -**Example 1: Include a file name extension in a known user folder** +#### Example 1: Include a file name extension in a known user folder This rule will include .pst files that are located in the default location, but aren't linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. @@ -420,7 +420,7 @@ This rule will include .pst files that are located in the default location, but ``` -**Example 2: Include a file name extension in Program Files** +#### Example 2: Include a file name extension in Program Files For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component. @@ -437,7 +437,7 @@ For more examples of include rules that you can use in custom migration XML file > [!NOTE] > For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). -## Next steps +## Next steps You can include additional rules for the migration in the `MigDocs.xml` file or other XML migration files. For example, you can use the `` element to move files from the folder where they were gathered to a different folder, when they're applied to the destination computer. diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 059df90121..2f6e9b3c0d 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -18,35 +18,35 @@ This article discusses general and security-related best practices when using Us ## General Best Practices -- **Install applications before running the LoadState tool** +- **Install applications before running the LoadState tool** Though it isn't always essential, it's best practice to install all applications on the destination computer before restoring the user state. Installing applications before restoring user state helps ensure that migrated settings are preserved. -- **Don't use MigUser.xml and MigDocs.xml together** +- **Don't use MigUser.xml and MigDocs.xml together** If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the `/genmigxml` command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md). -- **Use MigDocs.xml for a better migration experience** +- **Use MigDocs.xml for a better migration experience** If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` file is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The `MigUser.xml` file migrates only the files with the specified file extensions. -- **Close all applications before running either the ScanState or LoadState tools** +- **Close all applications before running either the ScanState or LoadState tools** Although using the `/vsc` switch can allow the migration of many files that are open with another application, it's a best practice to close all applications in order to ensure all files and settings migrate. Without the `/vsc` or `/c` switch USMT will fail when it can't migrate a file or setting. When you use the `/c` option, USMT will ignore any files or settings that it can't migrate and log an error each time. -- **Log off after you run the LoadState** +- **Log off after you run the LoadState** Some settings, such as fonts, wallpaper, and screensaver settings, won't take effect until the next time the user logs on. For this reason, you should sign out after you run the LoadState tool. -- **Managed environment** +- **Managed environment** To create a managed environment, you can move all of the end user's documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. Minimizing folders will help you to clean up files on the destination computer, if the `LoadState.exe` command fails before completion. -- **Chkdsk.exe** +- **Chkdsk.exe** We recommend that you run **Chkdsk.exe** before running the ScanState and LoadState tools. **Chkdsk.exe** creates a status report for a hard disk drive and lists and corrects common errors. For more information about the **Chkdsk.exe** tool, see [Chkdsk](/previous-versions/windows/it-pro/windows-xp/bb490876(v=technet.10)). -- **Migrate in groups** +- **Migrate in groups** If you decide to perform the migration while users are using the network, it's best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. @@ -54,40 +54,40 @@ This article discusses general and security-related best practices when using Us As the authorized administrator, it is your responsibility to protect the privacy of the users and maintain security during and after the migration. In particular, you must consider the following issues: -- **Encrypting File System (EFS)** +- **Encrypting File System (EFS)** Take extreme caution when migrating encrypted files, because the end user doesn't need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). - > [!Note] + > [!NOTE] > If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. -- **Encrypt the store** +- **Encrypt the store** Consider using the `/encrypt` option with the `ScanState.exe` command and the `/decrypt` option with the `LoadState.exe` command. However, use extreme caution with this set of options, because anyone who has access to the `ScanState.exe` command-line script also has access to the encryption key. -- **Virus Scan** +- **Virus Scan** We recommend that you scan both the source and destination computers for viruses before running USMT. In addition, you should scan the destination computer image. To help protect data from viruses, we strongly recommend running an antivirus utility before migration. -- **Maintain security of the file server and the deployment server** +- **Maintain security of the file server and the deployment server** We recommend that you manage the security of the file and deployment servers. It's important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files isn't exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657). -- **Password Migration** +- **Password Migration** To ensure the privacy of the end users, USMT doesn't migrate passwords, including passwords for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, and Remote Access Service (RAS) connections and mapped network drives. It's important to make sure that end users know their passwords. -- **Local Account Creation** +- **Local Account Creation** Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) article. ## XML File Best Practices -- **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** +- **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** If you used a particular set of mig\*.xml files in the ScanState tool, either called through the `/auto` option, or individually through the `/i` option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. -- **The <CustomFileName> in the migration urlid should match the name of the file** +- **The <CustomFileName> in the migration urlid should match the name of the file** Although it isn't a requirement, it's good practice for **<CustomFileName>** to match the name of the file. For example, the following example is from the `MigApp.xml` file: @@ -96,15 +96,15 @@ As the authorized administrator, it is your responsibility to protect the privac ``` -- **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** +- **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** The `MigXML.xsd` schema file shouldn't be included on the command line or in any of the .xml files. -- **Use the default migration XML files as models** +- **Use the default migration XML files as models** To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on `MigUser.xml`. To migrate application settings, model your custom .xml file on the `MigApp.xml` file. -- **Consider the impact on performance when using the <context> parameter** +- **Consider the impact on performance when using the <context> parameter** Your migration performance can be affected when you use the **<context>** element with the **<component>** element; for example, as in when you want to encapsulate logical units of file- or path-based **<include>** and **<exclude>** rules. @@ -114,24 +114,24 @@ As the authorized administrator, it is your responsibility to protect the privac In the **UserAndSystem** context, a rule is processed one time for each user on the system and one time for the system. - > [!Note] + > [!NOTE] > The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. -- **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** +- **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** For example, if you have code that migrates the settings for an application, you shouldn't just add the code to the `MigApp.xml` file. -- **You should not create custom .xml files to alter the operating system settings that are migrated** +- **You should not create custom .xml files to alter the operating system settings that are migrated** These settings are migrated by manifests and you can't modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a `Config.xml` file. -- **You can use the asterisk (\*) wildcard character in any migration XML file that you create** +- **You can use the asterisk (\*) wildcard character in any migration XML file that you create** - > [!Note] + > [!NOTE] > The question mark is not valid as a wildcard character in USMT .xml files. ## Related articles [Migration Store Encryption](usmt-migration-store-encryption.md) -[Plan Your Migration](usmt-plan-your-migration.md) \ No newline at end of file +[Plan Your Migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index 702d5a9783..5c2fee2a99 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -28,4 +28,4 @@ One of the main considerations for planning your migration is to determine which [Plan Your Migration](usmt-plan-your-migration.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) \ No newline at end of file +[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 65c77a5059..fd31f45b47 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -29,7 +29,7 @@ The following sections discuss common issues that you might see when you run the [Hard Link Migration Problems](#bkmk-hardlink) -[USMT doesn't migrate the Start layout](#usmt-does-not-migrate-the-start-layout) +[USMT doesn't migrate the Start layout](#usmt-doesnt-migrate-the-start-layout) ## General Guidelines for Identifying Migration Problems @@ -39,7 +39,7 @@ When you encounter a problem or error message during migration, you can use the In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. - > [!Note] + > [!NOTE] > Running the ScanState and LoadState tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. - Use the `/Verify` option with the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). @@ -54,18 +54,18 @@ When you encounter a problem or error message during migration, you can use the - Close all applications before running ScanState or LoadState tools. If some applications are running during the ScanState or LoadState process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. - > [!Note] + > [!NOTE] > USMT will fail if it can't migrate a file or setting unless you specify the `/c` option. When you specify the `/c` option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that didn't migrate. -## User Account Problems +## User Account Problems The following sections describe common user account problems. Expand the section to see recommended solutions. -### I'm having problems creating local accounts on the destination computer. +### I'm having problems creating local accounts on the destination computer **Resolution:** For more information about creating accounts and migrating local accounts, see [Migrate User Accounts](usmt-migrate-user-accounts.md). -### Not all of the user accounts were migrated to the destination computer. +### Not all of the user accounts were migrated to the destination computer **Causes/Resolutions** There are two possible causes for this problem: @@ -76,40 +76,40 @@ When running the ScanState and LoadState tools on Windows 7, Windows 8, or Windo 2. Right-click **Command Prompt**. 3. Select **Run as administrator**. - + 4. Specify the `LoadState.exe` or `ScanState.exe` command. If you don't run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. Any user accounts on the computer that haven't been used won't be migrated. For example, if you add User1 to the computer, but User1 never logs on, then USMT won't migrate the User1 account. -### User accounts that I excluded were migrated to the destination computer. +### User accounts that I excluded were migrated to the destination computer **Cause:** The command that you specified might have had conflicting `ui` and `/ue` options. If a user is specified with the `/ui` option and with either the `/ue` or `/uel` options at the same time, the user will be included in the migration. For example, if you specify `/ui:domain1\* /ue:domain1\user1`, then User1 will be migrated because the `/ui` option takes precedence. **Resolution:** For more information about how to use the `/ui` and `/ue` options together, see the examples in the [ScanState Syntax](usmt-scanstate-syntax.md) article. -### I'm using the /uel option, but many accounts are still being included in the migration. +### I'm using the /uel option, but many accounts are still being included in the migration **Cause:** The `/uel` option depends on the last modified date of the users' NTUser.dat file. There are scenarios in which this last modified date might not match the users' last sign-in date. **Resolution:** This is a limitation of the `/uel` option. You might need to exclude these users manually with the `/ue` option. -### The LoadState tool reports an error as return code 71 and fails to restore a user profile during a migration test. +### The LoadState tool reports an error as return code 71 and fails to restore a user profile during a migration test **Cause:** During a migration test, if you run the ScanState tool on your test computer and then delete user profiles in order to test the LoadState tool on the same computer, you may have a conflicting key present in the registry. Using the **net use** command to remove a user profile will delete folders and files associated with that profile, but won't remove the registry key. **Resolution:** To delete a user profile, use the **User Accounts** item in Control Panel. To correct an incomplete deletion of a user profile: -1. Open the registry editor by typing `regedit` at an elevated command prompt. +1. Open the registry editor by typing `regedit` at an elevated command prompt. -2. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList`. +2. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList`. Each user profile is stored in a System Identifier key under `ProfileList`. -3. Delete the key for the user profile you're trying to remove. +3. Delete the key for the user profile you're trying to remove. -### Files that weren't encrypted before the migration are now encrypted with the account used to run the LoadState tool. +### Files that weren't encrypted before the migration are now encrypted with the account used to run the LoadState tool **Cause:** The ScanState tool was run using the `/EFS:copyraw` option to migrate encrypted files and Encrypting File System (EFS) certificates. The encryption attribute was set on a folder that was migrated, but the attribute was removed from file contents of that folder prior to migration. @@ -117,7 +117,7 @@ Any user accounts on the computer that haven't been used won't be migrated. For To remove encryption from files that have already been migrated incorrectly, you must sign into the computer with the account that you used to run the LoadState tool and then remove the encryption from the affected files. -### The LoadState tool reports an error as return code 71 and a Windows Error 2202 in the log file. +### The LoadState tool reports an error as return code 71 and a Windows Error 2202 in the log file **Cause:** The computer name was changed during an offline migration of a local user profile. @@ -128,7 +128,7 @@ loadstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /progress:prog.log /l:load.log /mu:fareast\user1:farwest\user1 ``` -## Command-line Problems +## Command-line Problems The following sections describe common command-line problems. Expand the section to see recommended solutions. @@ -144,8 +144,7 @@ The following sections describe common command-line problems. Expand the section **Resolution:** To fix this issue in this scenario, specify the `/l:scan.log` or `/l:load.log` option. -## XML File Problems - +## XML File Problems The following sections describe common XML file problems. Expand the section to see recommended solutions. @@ -157,27 +156,27 @@ The following sections describe common XML file problems. Expand the section to `scanstate.exe /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:scanstate.log` -### I'm having problems with a custom .xml file that I authored, and I can't verify that the syntax is correct. +### I'm having problems with a custom .xml file that I authored, and I can't verify that the syntax is correct **Resolution:** You can load the XML schema file `MigXML.xsd` into your XML authoring tool. `MigXML.xsd` is included with USMT. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there's a syntax error. For more information about using the XML elements, see [USMT XML Reference](usmt-xml-reference.md). -### I'm using a MigXML helper function, but the migration isn't working the way I expected it to. How do I troubleshoot this issue? +### I'm using a MigXML helper function, but the migration isn't working the way I expected it to. How do I troubleshoot this issue? **Cause:** Typically, this issue is caused by incorrect syntax used in a helper function. You receive a Success return code, but the files you wanted to migrate didn't get collected or applied, or weren't collected or applied in the way you expected. **Resolution:** You should search the ScanState or LoadState log for either the component name that contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. -## Migration Problems +## Migration Problems The following sections describe common migration problems. Expand the section to see recommended solutions. -### Files that I specified to exclude are still being migrated. +### Files that I specified to exclude are still being migrated **Cause:** There might be another rule that is including the files. If there's a more specific rule or a conflicting rule, the files will be included in the migration. **Resolution:** For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md) and the Diagnostic Log section in [Log Files](usmt-log-files.md). -### I specified rules to move a folder to a specific location on the destination computer, but it hasn't migrated correctly. +### I specified rules to move a folder to a specific location on the destination computer, but it hasn't migrated correctly **Cause:** There might be an error in the XML syntax. @@ -193,7 +192,7 @@ The following sections describe common migration problems. Expand the section to [Custom XML Examples](usmt-custom-xml-examples.md) -### After LoadState completes, the new desktop background doesn't appear on the destination computer. +### After LoadState completes, the new desktop background doesn't appear on the destination computer There are three typical causes for this issue. @@ -211,7 +210,7 @@ There are three typical causes for this issue. **Resolution:** Run the ScanState and LoadState tools from within an account with administrative credentials. ---> -### I included MigApp.xml in the migration, but some PST files aren't migrating. +### I included MigApp.xml in the migration, but some PST files aren't migrating **Cause:** The `MigApp.xml` file migrates only the PST files that are linked to Outlook profiles. @@ -227,35 +226,37 @@ There are three typical causes for this issue. 1. With the user signed in, back up the Start layout using the following Windows PowerShell command. You can specify a different path if desired: - ``` + ```powershell Export-StartLayout -Path "C:\Layout\user1.xml" ``` + 2. Migrate the user's profile with USMT. + 3. Before the user signs in on the new device, import the Start layout using the following Windows PowerShell command: - ``` + ```powershell Import-StartLayout -LayoutPath "C:\Layout\user1.xml" -MountPath %systemdrive% ``` This workaround changes the Default user's Start layout. The workaround doesn't scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device, you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout. -## Offline Migration Problems +## Offline Migration Problems The following sections describe common offline migration problems. Expand the section to see recommended solutions. -### Some of my system settings don't migrate in an offline migration. +### Some of my system settings don't migrate in an offline migration **Cause:** Some system settings, such as desktop backgrounds and network printers, aren't supported in an offline migration. For more information, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) **Resolution:** In an offline migration, these system settings must be restored manually. -### The ScanState tool fails with return code 26. +### The ScanState tool fails with return code 26 **Cause:** A common cause of return code 26 is that a temp profile is active on the source computer. This profile maps to c:\\users\\temp. The ScanState log shows a MigStartupOfflineCaught exception that includes the message "User profile duplicate SID error". **Resolution:** You can reboot the computer to get rid of the temp profile or you can set MIG\_FAIL\_ON\_PROFILE\_ERROR=0 to skip the error and exclude the temp profile. -### Include and Exclude rules for migrating user profiles don't work the same offline as they do online. +### Include and Exclude rules for migrating user profiles don't work the same offline as they do online **Cause:** When offline, the DNS server can't be queried to resolve the user name and SID mapping. @@ -269,7 +270,7 @@ The wild card (\*) at the end of the SID will migrate the *SID*\_Classes key as You can also use patterns for SIDs that identify generic users or groups. For example, you can use the `/ue:*-500` option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](/troubleshoot/windows-server/identity/security-identifiers-in-windows). -### My script to wipe the disk fails after running the ScanState tool on a 64-bit system. +### My script to wipe the disk fails after running the ScanState tool on a 64-bit system **Cause:** The HKLM registry hive isn't unloaded after the ScanState tool has finished running. @@ -279,17 +280,17 @@ You can also use patterns for SIDs that identify generic users or groups. For ex reg.exe unload hklm\$dest$software ``` -## Hard-Link Migration Problems +## Hard-Link Migration Problems The following sections describe common hard-link migration problems. Expand the section to see recommended solutions. -### EFS files aren't restored to the new partition. +### EFS files aren't restored to the new partition **Cause:** EFS files can't be moved to a new partition with a hard link. The `/efs:hardlink` command-line option is only applicable to files migrated on the same partition. **Resolution:** Use the `/efs:copyraw` command-line option to copy EFS files during the migration instead of creating hard links, or manually copy the EFS files from the hard-link store. -### The ScanState tool can't delete a previous hard-link migration store. +### The ScanState tool can't delete a previous hard-link migration store **Cause:** The migration store contains hard links to locked files. @@ -309,4 +310,4 @@ You should also reboot the machine. [Return Codes](usmt-return-codes.md) -[UsmtUtils Syntax](usmt-utilities.md) \ No newline at end of file +[UsmtUtils Syntax](usmt-utilities.md) diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index 5853303709..cdb081b177 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -37,13 +37,13 @@ One common scenario is when the operating system is upgraded on existing hardwar [Scenario Three: Managed network migration](#bkmk-threepcreplace) -## PC-Refresh +## PC-Refresh The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer. ![usmt pc refresh scenario.](images/dep-win8-l-usmt-pcrefresh.jpg) -### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store +### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store A company has received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. @@ -53,7 +53,7 @@ A company has received funds to update the operating system on all of its comput 3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer. -### Scenario Two: PC-refresh using a compressed migration store +### Scenario Two: PC-refresh using a compressed migration store A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. @@ -63,7 +63,7 @@ A company has received funds to update the operating system on all of its comput 3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer. -### Scenario Three: PC-refresh using a hard-link migration store +### Scenario Three: PC-refresh using a hard-link migration store A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. @@ -73,7 +73,7 @@ A company has received funds to update the operating system on all of its comput 3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer. -### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store +### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. @@ -83,14 +83,13 @@ A company has decided to update the operating system on all of its computers to 3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the `/hardlink /nocompress` command-line options. -## PC-Replacement - +## PC-Replacement The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer. ![usmt pc replace scenario.](images/dep-win8-l-usmt-pcreplace.jpg) -### Scenario One: Offline migration using WinPE and an external migration store +### Scenario One: Offline migration using WinPE and an external migration store A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled offline, without a network connection. @@ -100,7 +99,7 @@ A company is allocating 20 new computers to users in the accounting department. 3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers. -### Scenario Two: Manual network migration +### Scenario Two: Manual network migration A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. @@ -112,7 +111,7 @@ A company receives 50 new laptops for their managers and needs to reallocate 50 4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. -### Scenario Three: Managed network migration +### Scenario Three: Managed network migration A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a sign-in script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store. @@ -128,4 +127,4 @@ A company is allocating 20 new computers to users in the accounting department. [Choose a Migration Store Type](usmt-choose-migration-store-type.md) -[Offline Migration Reference](offline-migration-reference.md) \ No newline at end of file +[Offline Migration Reference](offline-migration-reference.md) diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 6b6606f31d..8143e98216 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -13,8 +13,6 @@ ms.technology: itpro-deploy # Config.xml File -## Config.xml File - The `Config.xml` file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the `/genconfig` option with the ScanState tool. If you want to include all of the default components, and don't want to change the default store-creation or profile-migration behavior, you don't need to create a `Config.xml` file. However, if you're satisfied with the default migration behavior defined in the `MigApp.xml`, `MigUser.xml` and `MigDocs.xml` files, but you want to exclude certain components, you can create and modify a `Config.xml` file and leave the other .xml files unchanged. For example, you must create and modify the `Config.xml` file if you want to exclude any of the operating-system settings that are migrated. It's necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. @@ -23,7 +21,7 @@ The `Config.xml` file has a different format than the other migration .xml files For more information about using the `Config.xml` file with other migration files, such as the `MigDocs.xml` and `MigApps.xml` files, see [Understanding Migration XML Files](understanding-migration-xml-files.md). -> [!Note] +> [!NOTE] > To exclude a component from the `Config.xml` file, set the **migrate** value to **no**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. ## In this topic @@ -64,21 +62,21 @@ In USMT there are new migration policies that can be configured in the `Config.x [Sample Config.xml File](#bkmk-sampleconfigxjmlfile) -## <Policies> +## <Policies> The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. Syntax: `` `` -## <ErrorControl> +## <ErrorControl> The **<ErrorControl>** element is an optional element you can configure in the `Config.xml` file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. -- **Number of occurrences**: Once for each component +- **Number of occurrences**: Once for each component -- **Parent elements**: The **<Policies>** element +- **Parent elements**: The **<Policies>** element -- **Child elements**: The **<fileError>** and **<registryError>** element +- **Child elements**: The **<fileError>** and **<registryError>** element Syntax: `` `` @@ -101,15 +99,15 @@ Additionally, the order in the **<ErrorControl>** section implies priority > [!IMPORTANT] > The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. -### <fatal> +### <fatal> The **<fatal>** element isn't required. -- **Number of occurrences**: Once for each component +- **Number of occurrences**: Once for each component -- **Parent elements**: **<fileError>** and **<registryError>** +- **Parent elements**: **<fileError>** and **<registryError>** -- **Child elements**: None. +- **Child elements**: None. Syntax: `` *<pattern>* `` @@ -119,29 +117,29 @@ Syntax: `` *<pattern>* `` You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. -## <fileError> +## <fileError> The **<fileError>** element isn't required. -- **Number of occurrences**: Once for each component +- **Number of occurrences**: Once for each component -- **Parent elements**: **<ErrorControl>** +- **Parent elements**: **<ErrorControl>** -- **Child elements**: **<nonFatal>** and **<fatal>** +- **Child elements**: **<nonFatal>** and **<fatal>** Syntax: `` `` You use the **<fileError>** element to represent the behavior associated with file errors. -## <nonFatal> +## <nonFatal> The **<nonFatal>** element isn't required. -- **Number of occurrences**: Once for each component +- **Number of occurrences**: Once for each component -- **Parent elements**: The **<fileError>** and **<registryError>** elements. +- **Parent elements**: The **<fileError>** and **<registryError>** elements. -- **Child elements**: None. +- **Child elements**: None. Syntax: `` *<pattern>* `` @@ -151,15 +149,15 @@ Syntax: `` *<pattern>* `` You use the **<nonFatal>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. -## <registryError> +## <registryError> -The <registryError> element isn't required. +The **<registryError>** element isn't required. -- **Number of occurrences**: Once for each component +- **Number of occurrences**: Once for each component -- **Parent elements**: **<ErrorControl>** +- **Parent elements**: **<ErrorControl>** -- **Child elements**: **<nonfatal>** and **<fatal>** +- **Child elements**: **<nonfatal>** and **<fatal>** Syntax: `` `` @@ -169,17 +167,17 @@ Syntax: `` `` You use the **<registryError>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. -## <HardLinkStoreControl> +## <HardLinkStoreControl> The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. Syntax: `` `` -- **Number of occurrences**: Once for each component +- **Number of occurrences**: Once for each component -- **Parent elements**: **<Policies>** +- **Parent elements**: **<Policies>** -- **Child elements**: **<fileLocked>** +- **Child elements**: **<fileLocked>** Syntax: `` `` @@ -202,43 +200,43 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links ``` -## <fileLocked> +## <fileLocked> The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. Syntax: `` `` -## <createHardLink> +## <createHardLink> The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. Syntax: `` *<pattern>* `` -## <errorHardLink> +## <errorHardLink> The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that isn't possible, **Error\_Locked** is thrown. This error is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. Syntax: `` *<pattern>* `` -## <ProfileControl> +## <ProfileControl> This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. Syntax: <`ProfileControl>` `` -## <localGroups> +## <localGroups> This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. Syntax: `` `` -## <mappings> +## <mappings> This element is used to contain other elements that establish mappings between groups. Syntax: `` `` -## <changeGroup> +## <changeGroup> This element describes the source and destination groups for a local group membership change during the migration. It's a child of **<localGroups>**. The following parameters are defined: @@ -252,19 +250,19 @@ The valid and required children of **<changeGroup>** are **<include> Syntax: `` `` -## <include> +## <include> This element specifies that its required child, *<pattern>*, should be included in the migration. Syntax: `` `` -## <exclude> +## <exclude> This element specifies that its required child, *<pattern>*, should be excluded from the migration. Syntax: `` `` -## Sample Config.xml File +## Sample Config.xml File Refer to the following sample `Config.xml` file for more details about items you can choose to exclude from a migration.
@@ -467,4 +465,4 @@ Refer to the following sample `Config.xml` file for more details about items you ## Related articles -[USMT XML Reference](usmt-xml-reference.md) \ No newline at end of file +[USMT XML Reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index 8e0dec0e09..47383f7df6 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -15,47 +15,47 @@ ms.technology: itpro-deploy When you include, exclude, and reroute files and settings, it's important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. -- **If there are conflicting rules within a component, the most specific rule is applied.** However, the **<unconditionalExclude>** rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples) later in this article. +- **If there are conflicting rules within a component, the most specific rule is applied.** However, the **<unconditionalExclude>** rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples) later in this article. -- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. +- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. -- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the **<exclude>** rule to exclude a file and use the **<include>** rule to include the same file, the file will be excluded. +- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the **<exclude>** rule to exclude a file and use the **<include>** rule to include the same file, the file will be excluded. -- **The ordering of components does not matter.** It doesn't matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. +- **The ordering of components does not matter.** It doesn't matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. -- **The ordering of the <include> and <exclude> rules within a component does not matter.** +- **The ordering of the <include> and <exclude> rules within a component does not matter.** -- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other **<include>** rules that are in the .xml files. For example, you can use the **<unconditionalExclude>** element to exclude all MP3 files on the computer or to exclude all files from **C:\\UserData**. +- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other **<include>** rules that are in the .xml files. For example, you can use the **<unconditionalExclude>** element to exclude all MP3 files on the computer or to exclude all files from **C:\\UserData**. ## In this topic **General** -- [What is the relationship between rules that are located within different components?](#bkmk2) +- [What is the relationship between rules that are located within different components?](#bkmk2) -- [How does precedence work with the Config.xml file?](#bkmk3) +- [How does precedence work with the Config.xml file?](#bkmk3) -- [How does USMT process each component in an .xml file with multiple components?](#bkmk4) +- [How does USMT process each component in an .xml file with multiple components?](#bkmk4) -- [How are rules processed?](#bkmk5) +- [How are rules processed?](#bkmk5) -- [How does USMT combine all of the .xml files that I specify on the command line?](#bkmk6) +- [How does USMT combine all of the .xml files that I specify on the command line?](#bkmk6) **The <include> and <exclude> rules** -- [What happens when there are conflicting include and exclude rules?](#bkmk1) +- [What happens when there are conflicting include and exclude rules?](#bkmk1) -- [<include> and <exclude> precedence examples](#precexamples) +- [<include> and <exclude> precedence examples](#precexamples) **File collisions** -- [What is the default behavior when there are file collisions?](#collisions) +- [What is the default behavior when there are file collisions?](#collisions) -- [How does the <merge> rule work when there are file collisions?](#bkmk11) +- [How does the <merge> rule work when there are file collisions?](#bkmk11) ## General -### What is the relationship between rules that are located within different components? +### What is the relationship between rules that are located within different components? Only rules inside the same component can affect each other, depending on specificity, except for the **<unconditionalExclude>** rule. Rules that are in different components don't affect each other. If there's an **<include>** rule in one component and an identical **<exclude>** rule in another component, the data will be migrated because the two rules are independent of each other. @@ -93,7 +93,7 @@ The following .xml file migrates all files from C:\\Userdocs, including .mp3 fil ``` -### How does precedence work with the Config.xml file? +### How does precedence work with the Config.xml file? Specifying `migrate="no"` in the `Config.xml` file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. @@ -105,25 +105,25 @@ Specifying `migrate="no"` in the `Config.xml` file is the same as deleting the c ``` -### How does USMT process each component in an .xml file with multiple components? +### How does USMT process each component in an .xml file with multiple components? The ordering of components doesn't matter. Each component is processed independently of other components. For example, if you have an **<include>** rule in one component and a **<locationModify>** rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the **<include>** rule, and it will be migrated based on the **<locationModify>** rule. -### How are rules processed? +### How are rules processed? There are two broad categories of rules. -- **Rules that affect the behavior of both the ScanState and LoadState tools**. For example, the **<include>**, **<exclude>**, and **<unconditionalExclude>** rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each **<include>** rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it's going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. +- **Rules that affect the behavior of both the ScanState and LoadState tools**. For example, the **<include>**, **<exclude>**, and **<unconditionalExclude>** rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each **<include>** rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it's going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. -- **Rules that affect the behavior of only the LoadState tool**. For example, the **<locationModify>**, **<contentModify>**, and **<destinationCleanup>** rules don't affect ScanState. They're processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the **<locationModify>** and **<contentModify>** rules. Then, LoadState processes all of the **<destinationCleanup>** rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. +- **Rules that affect the behavior of only the LoadState tool**. For example, the **<locationModify>**, **<contentModify>**, and **<destinationCleanup>** rules don't affect ScanState. They're processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the **<locationModify>** and **<contentModify>** rules. Then, LoadState processes all of the **<destinationCleanup>** rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. -### How does USMT combine all of the .xml files that I specify on the command line? +### How does USMT combine all of the .xml files that I specify on the command line? USMT doesn't distinguish the .xml files based on their name or content. It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. -## The <include> and <exclude> rules +## The <include> and <exclude> rules -### What happens when there are conflicting <include> and <exclude> rules? +### What happens when there are conflicting <include> and <exclude> rules? If there are conflicting rules within a component, the most specific rule is applied, except with the **<unconditionalExclude>** rule, which takes precedence over all other rules. If the rules are equally specific, then the data won't be migrated. For example if you exclude a file, and include the same file, the file won't be migrated. If there are conflicting rules within different components, the rules don't affect each other because each component is processed independently. @@ -142,15 +142,15 @@ In the following example, mp3 files won't be excluded from the migration. The mp ``` -### <include> and **<exclude>** rules precedence examples +### <include> and **<exclude>** rules precedence examples These examples explain how USMT deals with **<include>** and **<exclude>** rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. -- [Including and excluding files](#filesex) +- [Including and excluding files](#filesex) -- [Including and excluding registry objects](#regex) +- [Including and excluding registry objects](#regex) -### Including and excluding files +### Including and excluding files | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| @@ -167,7 +167,7 @@ These examples explain how USMT deals with **<include>** and **<exclude | Component 1:
  • Include rule: C:\Dir1\Dir2* []

Component 2:
  • Exclude rule: C:\Dir1* [.txt]
| Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | | Component 1:
  • Exclude rule: C:\Dir1\Dir2* []

Component 2:
  • Include rule: C:\Dir1* [.txt]
| Migrates all .txt files in Dir1 and any subfolders. | Component 1 doesn't contain an **<include>** rule, so the **<exclude>** rule isn't processed. | -### Including and excluding registry objects +### Including and excluding registry objects | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| @@ -181,11 +181,11 @@ These examples explain how USMT deals with **<include>** and **<exclude ## File collisions -### What is the default behavior when there are file collisions? +### What is the default behavior when there are file collisions? If there isn't a **<merge>** rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. -### How does the <merge> rule work when there are file collisions? +### How does the <merge> rule work when there are file collisions? When a collision is detected, USMT will select the most specific **<merge>** rule and apply it to resolve the conflict. For example, if you have a **<merge>** rule for **C:\\\* \[\*\]** set to **sourcePriority()** and another **<merge>** rule for **C:\\subfolder\\\* \[\*\]** set to **destinationPriority()** , then USMT uses the **destinationPriority()** rule because it's the most specific. @@ -193,17 +193,17 @@ When a collision is detected, USMT will select the most specific **<merge> The source computer contains the following files: -- C:\\Data\\SampleA.txt +- `C:\Data\SampleA.txt` -- C:\\Data\\SampleB.txt +- `C:\Data\SampleB.txt` -- C:\\Data\\Folder\\SampleB.txt +- `C:\Data\Folder\SampleB.txt` The destination computer contains the following files: -- C:\\Data\\SampleB.txt +- `C:\Data\SampleB.txt` -- C:\\Data\\Folder\\SampleB.txt +- `C:\Data\SampleB.txt` You have a custom .xml file that contains the following code: @@ -217,7 +217,7 @@ You have a custom .xml file that contains the following code: For this example, the following information describes the resulting behavior if you add the code to your custom .xml file. -**Example 1** +#### Example 1 ```xml @@ -229,7 +229,7 @@ For this example, the following information describes the resulting behavior if **Result**: During ScanState, all the files will be added to the store. During LoadState, only `C:\Data\SampleA.txt` will be restored. -**Example 2** +#### Example 2 ```xml @@ -242,7 +242,7 @@ For this example, the following information describes the resulting behavior if **Result**: During ScanState, all the files will be added to the store. During LoadState, all the files will be restored, overwriting the existing files on the destination computer. -**Example 3** +#### Example 3 ```xml diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index fe1f25909d..4e749bc6c1 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -13,7 +13,7 @@ ms.date: 11/01/2022 # Custom XML Examples -## Example 1: Migrating an Unsupported Application +## Example 1: Migrating an Unsupported Application The following template is a template for the sections that you need to migrate your application. The template isn't functional on its own, but you can use it to write your own .xml file. @@ -85,9 +85,10 @@ The following template is a template for the sections that you need to migrate y ``` + -## Example 2: Migrating the My Videos Folder +## Example 2: Migrating the My Videos Folder The following sample is a custom .xml file named `CustomFile.xml` that migrates **My Videos** for all users, if the folder exists on the source computer. @@ -132,9 +133,10 @@ The following sample is a custom .xml file named `CustomFile.xml` that migrates ``` + -## Example 3: Migrating Files and Registry Keys +## Example 3: Migrating Files and Registry Keys The sample patterns describe the behavior in the following example .xml file. @@ -189,9 +191,10 @@ The sample patterns describe the behavior in the following example .xml file. ``` + -## Example 4: Migrating Specific Folders from Various Locations +## Example 4: Migrating Specific Folders from Various Locations The behavior for this custom .xml file is described within the `` tags in the code. @@ -268,6 +271,7 @@ The behavior for this custom .xml file is described within the `` t ``` + ## Related articles diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 497fe8f067..45d046b40c 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -27,7 +27,7 @@ ms.technology: itpro-deploy [Additional Information](#bkmk-addlinfo) -## Overview +## Overview If you want the ScanState and LoadState tools to use any of the migration .xml files, specify these files at the command line using the `/i` option. Because the ScanState and LoadState tools need the .xml files to control the migration, specify the same set of .xml files for both the `ScanState.exe` and `LoadState.exe` commands. However, you don't have to specify the `Config.xml` file with the `/config` option, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store but not to the destination computer. To achieve this scenario, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. Then the `LoadState.exe` command will migrate only the files and settings that you want to migrate. @@ -47,27 +47,27 @@ To modify the migration, do one or more of the following. For more information about excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) article. -## Migration .xml Files +## Migration .xml Files This section describes the migration .xml files that are included with USMT. Each file contains migration rules that control which components are migrated and where they're migrated to on the destination computer. -> [!Note] +> [!NOTE] > You can use the asterisk (\*) wildcard character in each of these files. However, you cannot use a question mark (?) as a wildcard character. -- **The MigApp.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate application settings. +- **The MigApp.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate application settings. -- **The MigDocs.xml file.** Specify this file with both the ScanState and LoadState tools to migrate all user folders and files that are found by the **MigXmlHelper.GenerateDocPatterns** helper function. This helper function finds user data that resides on the root of any drive and in the Users directory. However, it doesn't find and migrate any application data, program files, or any files in the Windows directory. You can modify the `MigDocs.xml` file. +- **The MigDocs.xml file.** Specify this file with both the ScanState and LoadState tools to migrate all user folders and files that are found by the **MigXmlHelper.GenerateDocPatterns** helper function. This helper function finds user data that resides on the root of any drive and in the Users directory. However, it doesn't find and migrate any application data, program files, or any files in the Windows directory. You can modify the `MigDocs.xml` file. -- **The MigUser.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate user folders, files, and file types. You can modify the `MigUser.xml` file. This file doesn't contain rules that migrate specific user accounts. The only way to specify which user accounts to migrate is on the command line using the ScanState and the LoadState user options. +- **The MigUser.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate user folders, files, and file types. You can modify the `MigUser.xml` file. This file doesn't contain rules that migrate specific user accounts. The only way to specify which user accounts to migrate is on the command line using the ScanState and the LoadState user options. -> [!Note] +> [!NOTE] > Don't use the `MigUser.xml` and `MigDocs.xml` files together. For more information, see the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) and [USMT Best Practices](usmt-best-practices.md) articles. -## Custom .xml Files +## Custom .xml Files You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want `ScanState.exe` and `LoadState.exe` to use this file, specify it with both commands. For more information, see the [Custom XML Examples](usmt-custom-xml-examples.md) article. -## The Config.xml File +## The Config.xml File The `Config.xml` file is an optional file that you create using the `/genconfig` option with the `ScanState.exe` command. You should create and modify this file if you want to exclude certain components from the migration. In addition, you must create and modify this file if you want to exclude any of the operating system settings from being migrated. The `Config.xml` file format is different from the migration .xml files because it doesn't contain any migration rules. It contains only a list of the operating system components, applications, and the user documents that can be migrated. For an example, see the [Config.xml File](usmt-configxml-file.md) article. For this reason, excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in a `Config.xml` file. @@ -79,40 +79,39 @@ After you create this file, you need to specify it only with the `ScanState.exe` In addition, note the following functionality with the `Config.xml` file: -- If a parent component is removed from the migration in the `Config.xml` file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`. +- If a parent component is removed from the migration in the `Config.xml` file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`. -- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no"` and the other line specifies `migrate="yes"`, the component will be migrated. +- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no"` and the other line specifies `migrate="yes"`, the component will be migrated. -- In USMT, there are several migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. For more information, see the [Config.xml File](usmt-configxml-file.md) article. +- In USMT, there are several migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. For more information, see the [Config.xml File](usmt-configxml-file.md) article. -> [!Note] +> [!NOTE] > To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. -### Examples +### Examples -- The following command creates a `Config.xml` file in the current directory, but it doesn't create a store: +- The following command creates a `Config.xml` file in the current directory, but it doesn't create a store: `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:5` -- The following command creates an encrypted store using the `Config.xml` file and the default migration .xml files: +- The following command creates an encrypted store using the `Config.xml` file and the default migration .xml files: `scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:5 /encrypt /key:"mykey"` -- The following command decrypts the store and migrates the files and settings: +- The following command decrypts the store and migrates the files and settings: `loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:5 /decrypt /key:"mykey"` -## Additional Information +## Additional Information +- For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). -- For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). +- For more information about each .xml element, see the [XML Elements Library](usmt-xml-elements-library.md) article. -- For more information about each .xml element, see the [XML Elements Library](usmt-xml-elements-library.md) article. - -- For answers to common questions, see ".xml files" in the [Frequently Asked Questions](usmt-faq.yml) article. +- For answers to common questions, see ".xml files" in the [Frequently Asked Questions](usmt-faq.yml) article. ## Related articles [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) -[USMT Resources](usmt-resources.md) \ No newline at end of file +[USMT Resources](usmt-resources.md) From 8e5ea5f1bd91f4aa54e6d2583a088e5f52d136b2 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Wed, 2 Nov 2022 10:03:50 -0400 Subject: [PATCH 008/108] Metadata update deployment/usmt 6 --- .../usmt-estimate-migration-store-size.md | 93 ++++++++----------- .../usmt/usmt-what-does-usmt-migrate.md | 4 +- 2 files changed, 39 insertions(+), 58 deletions(-) diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index fd4bdf87e0..cb1b1ff570 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -11,61 +11,57 @@ ms.topic: article ms.technology: itpro-deploy --- -# Estimate Migration Store Size - +# Estimate migration store size The disk space requirements for a migration are dependent on the size of the migration store and the type of migration. You can estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure. You can also calculate the disk space requirements using the ScanState tool. -## In This Topic +## In this topic +- [Hard Disk Space Requirements](#hard-disk-space-requirements): Describes the disk space requirements for the migration store and other considerations on the source and destination computers. -- [Hard Disk Space Requirements](#bkmk-spacereqs). Describes the disk space requirements for the migration store and other considerations on the source and destination computers. +- [Calculate Disk Space Requirements Using the ScanState Tool](#calculate-disk-space-requirements-using-the-scanstate-tool): Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. -- [Calculate Disk Space Requirements Using the ScanState Tool](#bkmk-calcdiskspace). Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. +- [Estimate Migration Store Size](#estimate-migration-store-size): Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. -- [Estimate Migration Store Size](#bkmk-estmigstoresize). Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. +## Hard disk space requirements -## Hard Disk Space Requirements +- **Store**: For non-hard-link migrations, you should ensure that there's enough available disk space at the location where you'll save your store to contain the data being migrated. You can save your store to another partition, an external storage device such as a USB flash drive or a server. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). +- **Source Computer**: The source computer needs enough available space for the following items: -- **Store.** For non-hard-link migrations, you should ensure that there is enough available disk space at the location where you will save your store to contain the data being migrated. You can save your store to another partition, an external storage device such as a USB flash drive or a server. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). + - **E250 megabytes (MB) minimum of hard disk space**: Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools won't create the migration store if 250 MB of disk space isn't available. -- **Source Computer.** The source computer needs enough available space for the following: + - **Temporary space for USMT to run**: Extra disk space for the USMT tools to operate is required. This disk space requirement doesn't include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool. - - [E250 megabytes (MB) minimum of hard disk space.](#bkmk-estmigstoresize) Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools will not create the migration store if 250 MB of disk space is not available. + - **Hard-link migration store**: It isn't necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be large is when non-NTFS file volumes exist on the system and those volumes contain data being migrated. - - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Extra disk space for the USMT tools to operate is required. This does not include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool. +- **Destination computer**: The destination computer needs enough available space for the following components: - - [Hard-link migration store.](#bkmk-estmigstoresize) It is not necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be large is when non-NTFS file systems exist on the system and contain data being migrated. + - **Operating system** -- [Destination computer.](#bkmk-estmigstoresize) The destination computer needs enough available space for the following components: + - **Applications** - - [Operating system.](#bkmk-estmigstoresize) + - **Data being migrated**: Data being migrated includes files and registry information. - - [Applications.](#bkmk-estmigstoresize) + - **Temporary space for USMT to run**: Extra disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool. - - [Data being migrated.](#bkmk-estmigstoresize) It is important to consider that in addition to the files being migrated, registry information will also require hard disk space for storage. +## Calculate disk space requirements using the ScanState tool - - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Extra disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool. +You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It isn't necessary to estimate the migration store size for a hard-link migration since this method doesn't create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day-to-day use so it's recommended that you use the calculations as an estimate when planning your migration. -## Calculate Disk Space Requirements using the ScanState Tool +To run the ScanState tool on the source computer with USMT installed: +1. Open a command prompt with administrator privileges. -You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It is not necessary to estimate the migration store size for a hard-link migration since this method does not create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day-to-day use so it is recommended that you use the calculations as an estimate when planning your migration. - -**To run the ScanState tool on the source computer with USMT installed,** - -1. Open a command prompt with administrator privileges. - -2. Navigate to the USMT tools. For example, type +2. Navigate to the USMT tools. For example, type: ``` syntax cd /d "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\User State Migration Tool\" ``` - Where *<architecture>* is x86 or amd64. + where *<architecture>* is x86 or amd64. -3. Run the **ScanState** tool to generate an XML report of the space requirements. At the command prompt, type +3. Run the **ScanState** tool to generate an XML report of the space requirements. At the command prompt, type: ``` syntax ScanState.exe /p: @@ -77,16 +73,14 @@ You can use the ScanState tool to calculate the disk space requirements for a pa ScanState.exe c:\store /p:c:\spaceRequirements.xml ``` - The migration store will not be created by running this command, but `StorePath` is a required parameter. + Although a migration store isn't created by running this command, the *<StorePath>* is still a required parameter. The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this condition in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). -**Note**   -To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the **/p** option, without specifying *<path to a file>* is still available in USMT. +> [!NOTE] +> To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the `/p` option is still available in USMT without having to specify the path to a file. See [Monitoring Options](usmt-scanstate-syntax.md#monitoring-options) for more information. - - -The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***<path to a file>*. +The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration but it doesn't include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using `/p:`*<path to a file>*. ```xml @@ -100,38 +94,25 @@ The space requirements report provides two elements, <**storeSize**> and & ``` -Additionally, USMT performs a compliance check for a required minimum of 250 MB of available disk space and will not create a store if the compliance check fails. +Additionally, USMT performs a compliance check for a required minimum of 250 MB of available disk space and won't create a store if the compliance check fails. -## Estimate Migration Store Size +## Estimate migration store size - -Determine how much space you will need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate the required space is to survey several computers to arrive at an average for the size of the store that you will need. +Determine how much space you'll need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate the required space is to survey several computers to arrive at an average for the size of the store that you'll need. The amount of space that is required in the store will vary, depending on the local storage strategies your organization uses. For example, one key element that determines the size of migration data sets is e-mail storage. If e-mail is stored centrally, data sets will be smaller. If e-mail is stored locally, such as offline-storage files, data sets will be larger. Mobile users will typically have larger data sets than workstation users. You should perform tests and inventory the network to determine the average data set size in your organization. -**Note**   -You can create a space-estimate file (Usmtsize.txt), by using the legacy **/p** command-line option to estimate the size of the store. +> [!NOTE] +> You can create a space-estimate file (`Usmtsize.txt`) to estimate the size of the store by using the legacy `/p` command-line option . - +When trying to determine how much disk space you'll need, consider the following issues: -When trying to determine how much disk space you will need, consider the following issues: +- **E-mail**: If users deal with a large volume of e-mail or keep e-mail on their local computers instead of on a mail server, the e-mail can take up as much disk space as all other user files combined. Prior to migrating user data, make sure that users who store e-mail locally synchronize their inboxes with their mail server. -- **E-mail** : If users deal with a large volume of e-mail or keep e-mail on their local computers instead of on a mail server, the e-mail can take up as much disk space as all other user files combined. Prior to migrating user data, make sure that users who store e-mail locally synchronize their inboxes with their mail server. +- **User documents**: Frequently, all of a user's documents fit into less than 50 MB of space, depending on the types of files involved. This estimate assumes typical office work, such as word-processing documents and spreadsheets. This estimate can vary substantially based on the types of documents that your organization uses. For example, an architectural firm that predominantly uses computer-aided design (CAD) files needs much more space than a law firm that primarily uses word-processing documents. You don't need to migrate the documents that users store on file servers through mechanisms such as Folder Redirection, as long as users will have access to these locations after the migration. -- **User documents**: Frequently, all of a user's documents fit into less than 50 MB of space, depending on the types of files involved. This estimate assumes typical office work, such as word-processing documents and spreadsheets. This estimate can vary substantially based on the types of documents that your organization uses. For example, an architectural firm that predominantly uses computer-aided design (CAD) files needs much more space than a law firm that primarily uses word-processing documents. You do not need to migrate the documents that users store on file servers through mechanisms such as Folder Redirection, as long as users will have access to these locations after the migration. - -- **User system settings** Five megabytes is adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It is rare, however, for the user-specific portion of the registry to exceed 5 MB. - -## Related topics +- **User system settings**: Five megabytes is adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It's rare, however, for the user-specific portion of the registry to exceed 5 MB. +## Related articles [Common Migration Scenarios](usmt-common-migration-scenarios.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 7d9d0baa0d..3c518316f4 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -39,7 +39,7 @@ This section describes the user data that USMT migrates by default, using the Mi My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites. > [!IMPORTANT] - > Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-does-not-migrate-the-start-layout). + > Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-doesnt-migrate-the-start-layout). - **Folders from the All Users and Public profiles.** When you specify the MigUser.xml file, USMT also migrates the following from the **All Users** profile in Windows® XP, or the **Public** profile in Windows Vista, Windows 7, or Windows 8: @@ -231,7 +231,7 @@ You should also note the following: ### Start menu layout -Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-does-not-migrate-the-start-layout). +Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-doesnt-migrate-the-start-layout). ### User profiles from Active Directory to Azure Active Directory From 3a196cef51f9214024803bbfeaf9245672463a26 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Wed, 2 Nov 2022 12:15:39 -0400 Subject: [PATCH 009/108] Metadata update deployment/usmt 7 --- .../usmt/migrate-application-settings.md | 28 +++--- .../usmt/migration-store-types-overview.md | 12 +-- .../usmt/offline-migration-reference.md | 34 +++---- .../usmt/understanding-migration-xml-files.md | 56 ++++++------ .../deployment/usmt/usmt-best-practices.md | 2 +- windows/deployment/usmt/usmt-common-issues.md | 28 +++--- .../usmt/usmt-common-migration-scenarios.md | 38 ++++---- .../deployment/usmt/usmt-configxml-file.md | 88 ++++++++++++------- .../usmt/usmt-conflicts-and-precedence.md | 56 ++++++------ .../usmt/usmt-custom-xml-examples.md | 8 +- .../usmt/usmt-customize-xml-files.md | 30 +++---- .../usmt-estimate-migration-store-size.md | 4 +- 12 files changed, 203 insertions(+), 181 deletions(-) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index fe13dd7b36..a347a93ac0 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -21,23 +21,23 @@ This article doesn't contain information about how to migrate applications that ## In this topic -- [Before You Begin](#bkmk-beforebegin) +- [Before You Begin](#before-you-begin) -- [Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer](#bkmk-step1). +- [Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer](#step-1-verify-that-the-application-is-installed-on-the-source-computer-and-that-its-the-same-version-as-the-version-to-be-installed-on-the-destination-computer). -- [Step 2: Identify settings to collect and determine where each setting is stored on the computer](#bkmk-step2). +- [Step 2: Identify settings to collect and determine where each setting is stored on the computer](#step-2-identify-settings-to-collect-and-determine-where-each-setting-is-stored-on-the-computer). -- [Step 3: Identify how to apply the gathered settings](#bkmk-step3). +- [Step 3: Identify how to apply the gathered settings](#step-3-identify-how-to-apply-the-gathered-settings). -- [Step 4: Create the migration XML component for the application](#bkmk-step4). +- [Step 4: Create the migration XML component for the application](#step-4-create-the-migration-xml-component-for-the-application). -- [Step 5: Test the application settings migration](#bkmk-step5). +- [Step 5: Test the application settings migration](#step-5-test-the-application-settings-migration). -## Before You Begin +## Before you begin You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. -## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer +## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, you probably don't want USMT to spend time searching for the application's settings. More importantly, if USMT collects settings for an application that isn't installed, it may migrate settings that will cause the destination computer to function incorrectly. You should also investigate whether there's more than one version of the application because the new version may not store the settings in the same place. Mismatched application versions may lead to unexpected results on the destination computer. @@ -65,7 +65,7 @@ for the name of the application, the name of the application executable file, or You should also check the application binaries for the executable that installed the application. To check for application binaries, you'll first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you've determined the path to the application executable, you can use the `DoesFileVersionMatch` helper function to check for the correct version of the application executable. For an example of how to use the `DoesFileVersionMatch` helper function, see the Windows Live™ Messenger section of the `MigApp.xml` file. -## Step 2: Identify settings to collect and determine where each setting is stored on the computer +## Step 2: Identify settings to collect and determine where each setting is stored on the computer Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you don't want to migrate. To determine where each setting is stored, you'll need to change each setting and monitor the activity on the registry and the file system. You don't need to migrate the binary files and registry settings that are made when the application is installed because you'll need to reinstall the application onto the destination computer. You only need to migrate those settings that are customizable. @@ -87,7 +87,7 @@ Next, you should go through the user interface and make a list of all of the ava > [!NOTE] > Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. -## Step 3: Identify how to apply the gathered settings +## Step 3: Identify how to apply the gathered settings If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the `C:\Documents and Settings\User1\My Documents` folder and the profile directory on the destination computer is located at `D:\Users\User1`, then USMT will automatically migrate the file to `D:\Users\User1\My Documents`. However, you may need to modify the location of some settings in the following three cases: @@ -101,15 +101,15 @@ In this case, the newer version of the application may be able to read the setti - **The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.** In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). After you've created the mapping, apply the settings to the new location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. -### Case 2: The destination computer already contains settings for the application. +### Case 2: The destination computer already contains settings for the application We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the **<destinationCleanup>** element. If for any reason you want to preserve the settings that are on the destination computer, you can use the **<merge>** element and `DestinationPriority` helper function. -### Case 3: The application overwrites settings when it's installed. +### Case 3: The application overwrites settings when it's installed We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. Also, when some applications are installed, they overwrite any existing settings that are on the computer. In this scenario, if you migrated the data before you installed the application, your customized settings would be overwritten. This scenario is common for applications that store settings in locations that are outside of the user profile (typically these settings are settings that apply to all users). These universal settings are sometimes overwritten when an application is installed, and they're replaced by default values. To avoid this problem, you must install these applications before migrating the files and settings to the destination computer. By default with USMT, data from the source computer overwrites data that already exists in the same location on the destination computer. -## Step 4: Create the migration XML component for the application +## Step 4: Create the migration XML component for the application After you have completed steps 1 through 3, you'll need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the `MigApp.xml` file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. @@ -139,7 +139,7 @@ Your script should do the following actions: For information about the .xml elements and helper functions, see [XML Elements Library](usmt-xml-elements-library.md). -## Step 5: Test the application settings migration +## Step 5: Test the application settings migration On a test computer, install the operating system that will be installed on the destination computers. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 2f6c6b1b79..a62267a2e4 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -17,13 +17,13 @@ When planning your migration, you should determine which migration store type be ## In this topic -[Migration Store Types](#bkmk-types) +[Migration Store Types](#migration-store-types) -[Local Store vs. Remote Store](#bkmk-localvremote) +[Local Store vs. Remote Store](#local-store-vs-remote-store) -[The /localonly Command-Line Option](#bkmk-localonly) +[The /localonly Command-Line Option](#the-localonly-command-line-option) -## Migration Store Types +## Migration store types This section describes the three migration store types available in USMT. @@ -45,7 +45,7 @@ The following flowchart illustrates the procedural differences between a local m ![migration store comparison.](images/dep-win8-l-usmt-migrationcomparemigstores.gif) -## Local Store vs. Remote Store +## Local store vs. remote store If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. @@ -54,7 +54,7 @@ If there isn't enough local disk space, or if you're moving the user state to an > [!IMPORTANT] > If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. -### The /localonly Command-Line Option +### The /localonly command-line option You should use this option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify `/LocalOnly`, see [ScanState Syntax](usmt-scanstate-syntax.md). diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index a32631093a..c30fb31706 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -29,19 +29,19 @@ When you use User State Migration Tool (USMT) 10.0 to gather and restore user st ## In this topic -- [What Will Migrate Offline?](#bkmk-whatwillmigrate) +- [What Will Migrate Offline?](#what-will-migrate-offline) -- [What Offline Environments are Supported?](#bkmk-offlineenvironments) +- [What Offline Environments are Supported?](#what-offline-environments-are-supported) -- [User-Group Membership and Profile Control](#bkmk-usergroupmembership) +- [User-Group Membership and Profile Control](#user-group-membership-and-profile-control) -- [Command-Line Options](#bkmk-commandlineoptions) +- [Command-Line Options](#command-line-options) -- [Environment Variables](#bkmk-environmentvariables) +- [Environment Variables](#environment-variables) -- [Offline.xml Elements](#bkmk-offlinexml) +- [Offline.xml Elements](#offlinexml-elements) -## What Will Migrate Offline? +## What will migrate offline? The following user data and settings migrate offline, similar to an online migration: @@ -59,7 +59,7 @@ The following user data and settings migrate offline, similar to an online migra For exceptions to what you can migrate offline, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) -## What Offline Environments are Supported? +## What offline environments are supported? The following table defines the supported combination of online and offline operating systems in USMT. @@ -71,7 +71,7 @@ The following table defines the supported combination of online and offline oper > [!NOTE] > It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). -## User-Group Membership and Profile Control +## User-group membership and profile control User-group membership isn't preserved during offline migrations. You must configure a **<ProfileControl>** section in the `Config.xml` file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: @@ -93,7 +93,7 @@ User-group membership isn't preserved during offline migrations. You must config For information about the format of a `Config.xml` file, see [Config.xml File](usmt-configxml-file.md). -## Command-Line Options +## Command-line options An offline migration can either be enabled by using a configuration file on the command line, or by using one of the following command line options: @@ -105,7 +105,7 @@ An offline migration can either be enabled by using a configuration file on the You can use only one of the `/offline`, `/offlineWinDir`, or `/OfflineWinOld` command-line options at a time. USMT doesn't support using more than one together. -## Environment Variables +## Environment variables The following system environment variables are necessary in the scenarios outlined below. @@ -114,23 +114,23 @@ The following system environment variables are necessary in the scenarios outlin |USMT_WORKING_DIR|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command: 
Set USMT_WORKING_DIR=[path to working directory]
| |MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `Scanstate.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| -## Offline.xml Elements +## Offline.xml elements Use an `offline.xml` file when running the ScanState tool on a computer that has multiple Windows directories. The `offline.xml` file specifies which directories to scan for windows files. An `offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option. -### <offline> +### <offline> This element contains other elements that define how an offline migration is to be performed. Syntax: `` `` -### <winDir> +### <winDir> This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration will be performed from the first element of **<winDir>** that contains a valid Windows system volume. Syntax: `` `` -### <path> +### <path> This element is a required child of **<winDir>** and contains a file path pointing to a valid Windows directory. Relative paths are interpreted from the ScanState tool's working directory. @@ -140,13 +140,13 @@ Syntax: ` C:\Windows ` Syntax, when used with the **<mappings>** element: ` C:\, D:\ ` -### <mappings> +### <mappings> This element is an optional child of **<offline>**. When specified, the **<mappings>** element will override the automatically detected WinPE drive mappings. Each child **<path>** element will provide a mapping from one system volume to another. Additionally, mappings between folders can be provided, since an entire volume can be mounted to a specific folder. Syntax: `` `` -### <failOnMultipleWinDir> +### <failOnMultipleWinDir> This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn't present, the default behavior is that the migration doesn't fail. diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 18fed52688..ba4b82c7f2 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -19,31 +19,31 @@ This article provides an overview of the default and custom migration XML files ## In this topic -[Overview of the Config.xml file](#bkmk-config) +[Overview of the Config.xml file](#overview-of-the-configxml-file) -[Overview of the MigApp.xml file](#bkmk-migapp) +[Overview of the MigApp.xml file](#overview-of-the-migappxml-file) -[Overview of the MigDocs.xml file](#bkmk-migdocs) +[Overview of the MigDocs.xml file](#overview-of-the-migdocsxml-file) -[Overview of the MigUser.xml file](#bkmk-miguser) +[Overview of the MigUser.xml file](#overview-of-the-miguserxml-file) -[Using multiple XML files](#bkmk-multiple) +[Using multiple XML files](#using-multiple-xml-files) -[XML rules for migrating user files](#bkmk-userfiles) +[XML rules for migrating user files](#xml-rules-for-migrating-user-files) -[The GenerateDocPatterns function](#bkmk-generate) +[The GenerateDocPatterns function](#the-generatedocpatterns-function) -[Understanding the system and user context](#bkmk-context) +[Understanding the system and user context](#understanding-the-system-and-user-context) -[Sample migration rules for customized versions of XML files](#bkmk-samples) +[Sample migration rules for customized versions of XML files](#sample-migration-rules-for-customized-versions-of-xml-files) -[Exclude rules usage examples](#bkmk-exclude) +[Exclude rules usage examples](#exclude-rules-usage-examples) -[Include rules usage examples](#bkmk-include) +[Include rules usage examples](#include-rules-usage-examples) -[Next Steps](#bkmk-next) +[Next Steps](#next-steps) -## Overview of the Config.xml file +## Overview of the Config.xml file The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The `Config.xml` file can be used with other XML files, such as in the following example: @@ -54,14 +54,14 @@ When used this way, the `Config.xml` file tightly controls aspects of the migrat > [!NOTE] > When modifying the XML elements in the `Config.xml` file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. -## Overview of the MigApp.xml file +## Overview of the MigApp.xml file The `MigApp.xml` file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the `MigApp.xml` file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The `MigDocs.xml` and `MigUser.xml` files don't migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). > [!IMPORTANT] -> The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see the [Sample migration rules for customized versions of XML files](#bkmk-samples). +> The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see [Sample migration rules for customized versions of XML files](#sample-migration-rules-for-customized-versions-of-xml-files). -## Overview of the MigDocs.xml file +## Overview of the MigDocs.xml file The `MigDocs.xml` file uses the new `GenerateDocPatterns` helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the `MigDocs.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. @@ -131,7 +131,7 @@ The default `MigDocs.xml` file won't migrate the following data: You can also use the `/genmigxml` option with the ScanState tool to review and modify what files will be migrated. -## Overview of the MigUser.xml file +## Overview of the MigUser.xml file The `MigUser.xml` file includes instructions for USMT to migrate user files based on file name extensions. You can use the `MigUser.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The `MigUser.xml` file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. @@ -172,9 +172,9 @@ The default `MigUser.xml` file doesn't migrate the following data: You can make a copy of the `MigUser.xml` file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the `MigUser.xml` file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. > [!NOTE] -> Each file name extension you include in the rules within the `MigUser.xml` file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. +> Each file name extension you include in the rules within the `MigUser.xml` file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#using-multiple-xml-files) section of this article. -## Using multiple XML files +## Using multiple XML files You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with more migration rules. @@ -191,16 +191,16 @@ For example, you can use all of the XML migration file types for a single migrat Scanstate.exe /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml ``` -### XML rules for migrating user files +### XML rules for migrating user files > [!IMPORTANT] > You should not use the `MigUser.xml` and `MigDocs.xml` files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location. The `MigUser.xml` file migrates only the files with the specified file name extensions. -If you want more control over the migration, you can create custom XML files. See the [Creating and editing a custom ,xml file](#bkmk-createxml) section of this document. +If you want more control over the migration, you can create custom XML files. See [Creating and editing a custom XML file](#creating-and-editing-a-custom-xml-file) for more information. -## Creating and editing a custom XML file +## Creating and editing a custom XML file You can use the `/genmigxml` command-line option to determine which files will be included in your migration. The `/genmigxml` option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. @@ -229,7 +229,7 @@ To generate the XML migration rules file for a source computer: scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" ``` -### The GenerateDocPatterns function +### The GenerateDocPatterns function The `MigDocs.xml` file calls the `GenerateDocPatterns` function, which takes three Boolean values. You can change the settings to modify the way the `MigDocs.xml` file generates the XML rules for migration. @@ -287,7 +287,7 @@ To create exclude data patterns: ``` -### Understanding the system and user context +### Understanding the system and user context The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that aren't stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. @@ -342,12 +342,12 @@ The user context includes rules for data in the User Profiles directory. When ca > [!NOTE] > Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the `MigDocs.xml` files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. -### Sample migration rules for customized versions of XML files +### Sample migration rules for customized versions of XML files > [!NOTE] > For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). -### Exclude rules usage examples +### Exclude rules usage examples In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default `MigDocs.xml` behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: @@ -404,7 +404,7 @@ If you want the **<UnconditionalExclude>** element to apply to both the sy For more examples of exclude rules that you can use in custom migration XML files, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md). -### Include rules usage examples +### Include rules usage examples The application data directory is the most common location that you would need to add an include rule for. The `GenerateDocPatterns` function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The `MigApp.xml` file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that aren't linked, you can do the following modification: @@ -437,7 +437,7 @@ For more examples of include rules that you can use in custom migration XML file > [!NOTE] > For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). -## Next steps +## Next steps You can include additional rules for the migration in the `MigDocs.xml` file or other XML migration files. For example, you can use the `` element to move files from the folder where they were gathered to a different folder, when they're applied to the destination computer. diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 2f6e9b3c0d..b72180f82f 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -81,7 +81,7 @@ As the authorized administrator, it is your responsibility to protect the privac Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) article. -## XML File Best Practices +## XML file best practices - **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index fd31f45b47..151cba0fb1 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -17,17 +17,17 @@ The following sections discuss common issues that you might see when you run the ## In this topic -[User Account Problems](#user) +[User account problems](#user-account-problems) -[Command-line Problems](#command) +[Command-line problems](#command-line-problems) -[XML File Problems](#xml) +[XML file problems](#xml-file-problems) -[Migration Problems](#migration) +[Migration problems](#migration-problems) -[Offline Migration Problems](#bkmk-offline) +[Offline migration problems](#offline-migration-problems) -[Hard Link Migration Problems](#bkmk-hardlink) +[Hard link migration problems](#hard-link-migration-problems) [USMT doesn't migrate the Start layout](#usmt-doesnt-migrate-the-start-layout) @@ -57,7 +57,7 @@ When you encounter a problem or error message during migration, you can use the > [!NOTE] > USMT will fail if it can't migrate a file or setting unless you specify the `/c` option. When you specify the `/c` option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that didn't migrate. -## User Account Problems +## User account problems The following sections describe common user account problems. Expand the section to see recommended solutions. @@ -128,7 +128,7 @@ loadstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /progress:prog.log /l:load.log /mu:fareast\user1:farwest\user1 ``` -## Command-line Problems +## Command-line problems The following sections describe common command-line problems. Expand the section to see recommended solutions. @@ -144,7 +144,7 @@ The following sections describe common command-line problems. Expand the section **Resolution:** To fix this issue in this scenario, specify the `/l:scan.log` or `/l:load.log` option. -## XML File Problems +## XML file problems The following sections describe common XML file problems. Expand the section to see recommended solutions. @@ -160,13 +160,13 @@ The following sections describe common XML file problems. Expand the section to **Resolution:** You can load the XML schema file `MigXML.xsd` into your XML authoring tool. `MigXML.xsd` is included with USMT. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there's a syntax error. For more information about using the XML elements, see [USMT XML Reference](usmt-xml-reference.md). -### I'm using a MigXML helper function, but the migration isn't working the way I expected it to. How do I troubleshoot this issue? +### I'm using a MigXML helper function, but the migration isn't working the way I expected it to. How do I troubleshoot this issue? **Cause:** Typically, this issue is caused by incorrect syntax used in a helper function. You receive a Success return code, but the files you wanted to migrate didn't get collected or applied, or weren't collected or applied in the way you expected. **Resolution:** You should search the ScanState or LoadState log for either the component name that contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. -## Migration Problems +## Migration problems The following sections describe common migration problems. Expand the section to see recommended solutions. @@ -210,7 +210,7 @@ There are three typical causes for this issue. **Resolution:** Run the ScanState and LoadState tools from within an account with administrative credentials. ---> -### I included MigApp.xml in the migration, but some PST files aren't migrating +### I included MigApp.xml in the migration, but some PST files aren't migrating **Cause:** The `MigApp.xml` file migrates only the PST files that are linked to Outlook profiles. @@ -240,7 +240,7 @@ There are three typical causes for this issue. This workaround changes the Default user's Start layout. The workaround doesn't scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device, you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout. -## Offline Migration Problems +## Offline migration problems The following sections describe common offline migration problems. Expand the section to see recommended solutions. @@ -280,7 +280,7 @@ You can also use patterns for SIDs that identify generic users or groups. For ex reg.exe unload hklm\$dest$software ``` -## Hard-Link Migration Problems +## Hard-Link Migration Problems The following sections describe common hard-link migration problems. Expand the section to see recommended solutions. diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index cdb081b177..ef212927fd 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -15,35 +15,35 @@ ms.technology: itpro-deploy You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred. -One common scenario is when the operating system is upgraded on existing hardware without the hardware being replaced. This scenario is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. +One common scenario is when the operating system is upgraded on existing hardware without the hardware being replaced. This scenario is referred to as *PC-refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. **In this article:** -[PC Refresh](#bkmk-pcrefresh) +[PC-refresh](#pc-refresh) -[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#bkmk-onepcrefresh) +[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#scenario-one-pc-refresh-offline-using-windows-pe-and-a-hard-link-migration-store) -[Scenario Two: PC-refresh using a compressed migration store](#bkmk-twopcrefresh) +[Scenario Two: PC-refresh using a compressed migration store](#scenario-two-pc-refresh-using-a-compressed-migration-store) -[Scenario Three: PC-refresh using a hard-link migration store](#bkmk-threepcrefresh) +[Scenario Three: PC-refresh using a hard-link migration store](#scenario-three-pc-refresh-using-a-hard-link-migration-store) -[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#bkmk-fourpcrefresh) +[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#scenario-four-pc-refresh-using-windowsold-folder-and-a-hard-link-migration-store) -[PC Replacement](#bkmk-pcreplace) +[PC-replacement](#pc-replacement) -[Scenario One: Offline migration using Windows PE and an external migration store](#bkmk-onepcreplace) +[Scenario One: Offline migration using Windows PE and an external migration store](#scenario-one-offline-migration-using-windows-pe-and-an-external-migration-store) -[Scenario Two: Manual network migration](#bkmk-twopcreplace) +[Scenario Two: Manual network migration](#scenario-two-manual-network-migration) -[Scenario Three: Managed network migration](#bkmk-threepcreplace) +[Scenario Three: Managed network migration](#scenario-three-managed-network-migration) -## PC-Refresh +## PC-refresh The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer. ![usmt pc refresh scenario.](images/dep-win8-l-usmt-pcrefresh.jpg) -### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store +### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store A company has received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. @@ -53,7 +53,7 @@ A company has received funds to update the operating system on all of its comput 3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer. -### Scenario Two: PC-refresh using a compressed migration store +### Scenario Two: PC-refresh using a compressed migration store A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. @@ -63,7 +63,7 @@ A company has received funds to update the operating system on all of its comput 3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer. -### Scenario Three: PC-refresh using a hard-link migration store +### Scenario Three: PC-refresh using a hard-link migration store A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. @@ -73,7 +73,7 @@ A company has received funds to update the operating system on all of its comput 3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer. -### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store +### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. @@ -83,13 +83,13 @@ A company has decided to update the operating system on all of its computers to 3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the `/hardlink /nocompress` command-line options. -## PC-Replacement +## PC-replacement The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer. ![usmt pc replace scenario.](images/dep-win8-l-usmt-pcreplace.jpg) -### Scenario One: Offline migration using WinPE and an external migration store +### Scenario One: Offline migration using Windows PE and an external migration store A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled offline, without a network connection. @@ -99,7 +99,7 @@ A company is allocating 20 new computers to users in the accounting department. 3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers. -### Scenario Two: Manual network migration +### Scenario Two: Manual network migration A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. @@ -111,7 +111,7 @@ A company receives 50 new laptops for their managers and needs to reallocate 50 4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. -### Scenario Three: Managed network migration +### Scenario Three: Managed network migration A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a sign-in script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store. diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 8143e98216..3311ec43eb 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -28,47 +28,69 @@ For more information about using the `Config.xml` file with other migration file In USMT there are new migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the `Config.xml` file only. -[<Policies>](#bkmk-policies) +[<Policies>](#policies) + +[<ErrorControl>](#errorcontrol) + + -[<fileError>](#bkmk-fileerror) +[<fatal>](#fatal) -[<nonfatal>](#bkmk-nonfatal) +[<fileError>](#fileerror) -[<registryError>](#bkmk-registryerror) +[<nonfatal>](#nonfatal) -[<HardLinkStoreControl>](#bkmk-hardlinkstorecontrol) +[<registryError>](#registryerror) -[<fileLocked>](#bkmk-filelock) +[<HardLinkStoreControl>](#hardlinkstorecontrol) -[<createHardLink>](#bkmk-createhardlink) +[<fileLocked>](#filelocked) -[<errorHardLink>](#bkmk-errorhardlink) +[<createHardLink>](#createhardlink) -[<ProfileControl>](#bkmk-profilecontrol) +[<errorHardLink>](#errorhardlink) -[<localGroups>](#bkmk-localgroups) +[<ProfileControl>](#profilecontrol) -[<mappings>](#bkmk-mappings) +[<localGroups>](#localgroups) -[<changeGroup>](#bkmk-changegrou) +[<mappings>](#mappings) -[<include>](#bkmk-include) +[<changeGroup>](#changegroup) -[<exclude>](#bkmk-exclude) +[<include>](#include) -[Sample Config.xml File](#bkmk-sampleconfigxjmlfile) +[<exclude>](#exclude) -## <Policies> +[Sample Config.xml File](#sample-configxml-file) + +## <Policies> The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. Syntax: `` `` -## <ErrorControl> +## <ErrorControl> The **<ErrorControl>** element is an optional element you can configure in the `Config.xml` file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. @@ -99,7 +121,7 @@ Additionally, the order in the **<ErrorControl>** section implies priority > [!IMPORTANT] > The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. -### <fatal> +### <fatal> The **<fatal>** element isn't required. @@ -117,7 +139,7 @@ Syntax: `` *<pattern>* `` You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. -## <fileError> +## <fileError> The **<fileError>** element isn't required. @@ -131,7 +153,7 @@ Syntax: `` `` You use the **<fileError>** element to represent the behavior associated with file errors. -## <nonFatal> +## <nonFatal> The **<nonFatal>** element isn't required. @@ -149,7 +171,7 @@ Syntax: `` *<pattern>* `` You use the **<nonFatal>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. -## <registryError> +## <registryError> The **<registryError>** element isn't required. @@ -167,7 +189,7 @@ Syntax: `` `` You use the **<registryError>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. -## <HardLinkStoreControl> +## <HardLinkStoreControl> The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. @@ -200,43 +222,43 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links ``` -## <fileLocked> +## <fileLocked> The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. Syntax: `` `` -## <createHardLink> +## <createHardLink> The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. Syntax: `` *<pattern>* `` -## <errorHardLink> +## <errorHardLink> The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that isn't possible, **Error\_Locked** is thrown. This error is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. Syntax: `` *<pattern>* `` -## <ProfileControl> +## <ProfileControl> This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. Syntax: <`ProfileControl>` `` -## <localGroups> +## <localGroups> This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. Syntax: `` `` -## <mappings> +## <mappings> This element is used to contain other elements that establish mappings between groups. Syntax: `` `` -## <changeGroup> +## <changeGroup> This element describes the source and destination groups for a local group membership change during the migration. It's a child of **<localGroups>**. The following parameters are defined: @@ -250,19 +272,19 @@ The valid and required children of **<changeGroup>** are **<include> Syntax: `` `` -## <include> +## <include> This element specifies that its required child, *<pattern>*, should be included in the migration. Syntax: `` `` -## <exclude> +## <exclude> This element specifies that its required child, *<pattern>*, should be excluded from the migration. Syntax: `` `` -## Sample Config.xml File +## Sample Config.xml File Refer to the following sample `Config.xml` file for more details about items you can choose to exclude from a migration.
diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index 47383f7df6..39baed7821 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -15,7 +15,7 @@ ms.technology: itpro-deploy When you include, exclude, and reroute files and settings, it's important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. -- **If there are conflicting rules within a component, the most specific rule is applied.** However, the **<unconditionalExclude>** rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples) later in this article. +- **If there are conflicting rules within a component, the most specific rule is applied.** However, the **<unconditionalExclude>** rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting <include> and <exclude> rules?](#what-happens-when-there-are-conflicting-include-and-exclude-rules) and the first example in [<include> and <exclude> rules precedence examples](#include-and-exclude-rules-precedence-examples) later in this article. - **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. @@ -25,37 +25,37 @@ When you include, exclude, and reroute files and settings, it's important to kno - **The ordering of the <include> and <exclude> rules within a component does not matter.** -- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other **<include>** rules that are in the .xml files. For example, you can use the **<unconditionalExclude>** element to exclude all MP3 files on the computer or to exclude all files from **C:\\UserData**. +- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other **<include>** rules that are in the .xml files. For example, you can use the **<unconditionalExclude>** element to exclude all MP3 files on the computer or to exclude all files from `C:\UserData`. ## In this topic -**General** +[General](#general) -- [What is the relationship between rules that are located within different components?](#bkmk2) +- [What is the relationship between rules that are located within different components?](#what-is-the-relationship-between-rules-that-are-located-within-different-components) -- [How does precedence work with the Config.xml file?](#bkmk3) +- [How does precedence work with the Config.xml file?](#how-does-precedence-work-with-the-configxml-file) -- [How does USMT process each component in an .xml file with multiple components?](#bkmk4) +- [How does USMT process each component in an .xml file with multiple components?](#how-does-usmt-process-each-component-in-an-xml-file-with-multiple-components) -- [How are rules processed?](#bkmk5) +- [How are rules processed?](#how-are-rules-processed) -- [How does USMT combine all of the .xml files that I specify on the command line?](#bkmk6) +- [How does USMT combine all of the .xml files that I specify on the command line?](#how-does-usmt-combine-all-of-the-xml-files-that-i-specify-on-the-command-line) -**The <include> and <exclude> rules** +[The <include> and <exclude> rules](#the-include-and-exclude-rules) -- [What happens when there are conflicting include and exclude rules?](#bkmk1) +- [What happens when there are conflicting <include> and <exclude> rules?](#what-happens-when-there-are-conflicting-include-and-exclude-rules) -- [<include> and <exclude> precedence examples](#precexamples) +- [<include> and <exclude> rules precedence examples](#include-and-exclude-rules-precedence-examples) -**File collisions** +[File collisions](#file-collisions) -- [What is the default behavior when there are file collisions?](#collisions) +- [What is the default behavior when there are file collisions?](#what-is-the-default-behavior-when-there-are-file-collisions) -- [How does the <merge> rule work when there are file collisions?](#bkmk11) +- [How does the <merge> rule work when there are file collisions?](#how-does-the-merge-rule-work-when-there-are-file-collisions) ## General -### What is the relationship between rules that are located within different components? +### What is the relationship between rules that are located within different components? Only rules inside the same component can affect each other, depending on specificity, except for the **<unconditionalExclude>** rule. Rules that are in different components don't affect each other. If there's an **<include>** rule in one component and an identical **<exclude>** rule in another component, the data will be migrated because the two rules are independent of each other. @@ -93,7 +93,7 @@ The following .xml file migrates all files from C:\\Userdocs, including .mp3 fil ``` -### How does precedence work with the Config.xml file? +### How does precedence work with the Config.xml file? Specifying `migrate="no"` in the `Config.xml` file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. @@ -105,11 +105,11 @@ Specifying `migrate="no"` in the `Config.xml` file is the same as deleting the c ``` -### How does USMT process each component in an .xml file with multiple components? +### How does USMT process each component in an .xml file with multiple components? The ordering of components doesn't matter. Each component is processed independently of other components. For example, if you have an **<include>** rule in one component and a **<locationModify>** rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the **<include>** rule, and it will be migrated based on the **<locationModify>** rule. -### How are rules processed? +### How are rules processed? There are two broad categories of rules. @@ -117,13 +117,13 @@ There are two broad categories of rules. - **Rules that affect the behavior of only the LoadState tool**. For example, the **<locationModify>**, **<contentModify>**, and **<destinationCleanup>** rules don't affect ScanState. They're processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the **<locationModify>** and **<contentModify>** rules. Then, LoadState processes all of the **<destinationCleanup>** rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. -### How does USMT combine all of the .xml files that I specify on the command line? +### How does USMT combine all of the .xml files that I specify on the command line? USMT doesn't distinguish the .xml files based on their name or content. It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. -## The <include> and <exclude> rules +## The <include> and <exclude> rules -### What happens when there are conflicting <include> and <exclude> rules? +### What happens when there are conflicting <include> and <exclude> rules? If there are conflicting rules within a component, the most specific rule is applied, except with the **<unconditionalExclude>** rule, which takes precedence over all other rules. If the rules are equally specific, then the data won't be migrated. For example if you exclude a file, and include the same file, the file won't be migrated. If there are conflicting rules within different components, the rules don't affect each other because each component is processed independently. @@ -142,15 +142,15 @@ In the following example, mp3 files won't be excluded from the migration. The mp ``` -### <include> and **<exclude>** rules precedence examples +### <include> and <exclude> rules precedence examples These examples explain how USMT deals with **<include>** and **<exclude>** rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. -- [Including and excluding files](#filesex) +- [Including and excluding files](#including-and-excluding-files) -- [Including and excluding registry objects](#regex) +- [Including and excluding registry objects](#including-and-excluding-registry-objects) -### Including and excluding files +### Including and excluding files | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| @@ -167,7 +167,7 @@ These examples explain how USMT deals with **<include>** and **<exclude | Component 1:
  • Include rule: C:\Dir1\Dir2* []

Component 2:
  • Exclude rule: C:\Dir1* [.txt]
| Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | | Component 1:
  • Exclude rule: C:\Dir1\Dir2* []

Component 2:
  • Include rule: C:\Dir1* [.txt]
| Migrates all .txt files in Dir1 and any subfolders. | Component 1 doesn't contain an **<include>** rule, so the **<exclude>** rule isn't processed. | -### Including and excluding registry objects +### Including and excluding registry objects | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| @@ -181,11 +181,11 @@ These examples explain how USMT deals with **<include>** and **<exclude ## File collisions -### What is the default behavior when there are file collisions? +### What is the default behavior when there are file collisions? If there isn't a **<merge>** rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. -### How does the <merge> rule work when there are file collisions? +### How does the <merge> rule work when there are file collisions? When a collision is detected, USMT will select the most specific **<merge>** rule and apply it to resolve the conflict. For example, if you have a **<merge>** rule for **C:\\\* \[\*\]** set to **sourcePriority()** and another **<merge>** rule for **C:\\subfolder\\\* \[\*\]** set to **destinationPriority()** , then USMT uses the **destinationPriority()** rule because it's the most specific. diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 4e749bc6c1..42026f9560 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -13,7 +13,7 @@ ms.date: 11/01/2022 # Custom XML Examples -## Example 1: Migrating an Unsupported Application +## Example 1: Migrating an unsupported application The following template is a template for the sections that you need to migrate your application. The template isn't functional on its own, but you can use it to write your own .xml file. @@ -88,7 +88,7 @@ The following template is a template for the sections that you need to migrate y -## Example 2: Migrating the My Videos Folder +## Example 2: Migrating the My Videos folder The following sample is a custom .xml file named `CustomFile.xml` that migrates **My Videos** for all users, if the folder exists on the source computer. @@ -136,7 +136,7 @@ The following sample is a custom .xml file named `CustomFile.xml` that migrates -## Example 3: Migrating Files and Registry Keys +## Example 3: Migrating files and registry keys The sample patterns describe the behavior in the following example .xml file. @@ -194,7 +194,7 @@ The sample patterns describe the behavior in the following example .xml file. -## Example 4: Migrating Specific Folders from Various Locations +## Example 4: Migrating specific folders from various locations The behavior for this custom .xml file is described within the `` tags in the code. diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 45d046b40c..3d2694b9a9 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -15,19 +15,19 @@ ms.technology: itpro-deploy ## In This Topic -[Overview](#bkmk-overview) +[Overview](#overview) -[Migration .xml Files](#bkmk-migxml) +[Migration .xml files](#migration-xml-files) -[Custom .xml Files](#bkmk-customxmlfiles) +[Custom .xml files](#custom-xml-files) -[The Config.xml File](#bkmk-configxml) +[The Config.xml file](#the-configxml-file) -[Examples](#bkmk-examples) +[Examples](#examples) -[Additional Information](#bkmk-addlinfo) +[Additional Information](#additional-information) -## Overview +## Overview If you want the ScanState and LoadState tools to use any of the migration .xml files, specify these files at the command line using the `/i` option. Because the ScanState and LoadState tools need the .xml files to control the migration, specify the same set of .xml files for both the `ScanState.exe` and `LoadState.exe` commands. However, you don't have to specify the `Config.xml` file with the `/config` option, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store but not to the destination computer. To achieve this scenario, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. Then the `LoadState.exe` command will migrate only the files and settings that you want to migrate. @@ -39,15 +39,15 @@ USMT won't reroute the files, and they'll be migrated to `C:\data`. To modify the migration, do one or more of the following. -- **Modify the migration .xml files.** If you want to exclude a portion of a component—for example, you want to migrate C:\\ but exclude all of the .mp3 files—or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want ScanState and LoadState to use these files, specify them at the command line when each command is entered. +- **Modify the migration .xml files.** If you want to exclude a portion of a component—for example, you want to migrate C:\\ but exclude all of the .mp3 files—or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want ScanState and LoadState to use these files, specify them at the command line when each command is entered. -- **Create a custom .xml file.** You can also create a custom .xml file to migrate settings for another application, or to change the migration behavior to suit your needs. For ScanState and LoadState to use this file, specify them on both command lines. +- **Create a custom .xml file.** You can also create a custom .xml file to migrate settings for another application, or to change the migration behavior to suit your needs. For ScanState and LoadState to use this file, specify them on both command lines. -- **Create and modify a Config.xml file.** Create and modify a `Config.xml` file if you want to exclude an entire component from the migration. For example, you can use a `Config.xml` file to exclude the entire My Documents folder, or exclude the settings for an application. Excluding components using a `Config.xml` file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. In addition, using a `Config.xml` file is the only way to exclude the operating system settings from being migrated. +- **Create and modify a Config.xml file.** Create and modify a `Config.xml` file if you want to exclude an entire component from the migration. For example, you can use a `Config.xml` file to exclude the entire My Documents folder, or exclude the settings for an application. Excluding components using a `Config.xml` file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. In addition, using a `Config.xml` file is the only way to exclude the operating system settings from being migrated. For more information about excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) article. -## Migration .xml Files +## Migration .xml files This section describes the migration .xml files that are included with USMT. Each file contains migration rules that control which components are migrated and where they're migrated to on the destination computer. @@ -63,11 +63,11 @@ This section describes the migration .xml files that are included with USMT. Eac > [!NOTE] > Don't use the `MigUser.xml` and `MigDocs.xml` files together. For more information, see the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) and [USMT Best Practices](usmt-best-practices.md) articles. -## Custom .xml Files +## Custom .xml files You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want `ScanState.exe` and `LoadState.exe` to use this file, specify it with both commands. For more information, see the [Custom XML Examples](usmt-custom-xml-examples.md) article. -## The Config.xml File +## The Config.xml file The `Config.xml` file is an optional file that you create using the `/genconfig` option with the `ScanState.exe` command. You should create and modify this file if you want to exclude certain components from the migration. In addition, you must create and modify this file if you want to exclude any of the operating system settings from being migrated. The `Config.xml` file format is different from the migration .xml files because it doesn't contain any migration rules. It contains only a list of the operating system components, applications, and the user documents that can be migrated. For an example, see the [Config.xml File](usmt-configxml-file.md) article. For this reason, excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in a `Config.xml` file. @@ -88,7 +88,7 @@ In addition, note the following functionality with the `Config.xml` file: > [!NOTE] > To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. -### Examples +### Examples - The following command creates a `Config.xml` file in the current directory, but it doesn't create a store: @@ -102,7 +102,7 @@ In addition, note the following functionality with the `Config.xml` file: `loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:5 /decrypt /key:"mykey"` -## Additional Information +## Additional Information - For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index cb1b1ff570..20ca21f7ca 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -21,7 +21,7 @@ The disk space requirements for a migration are dependent on the size of the mig - [Calculate Disk Space Requirements Using the ScanState Tool](#calculate-disk-space-requirements-using-the-scanstate-tool): Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. -- [Estimate Migration Store Size](#estimate-migration-store-size): Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. +- [Estimating Migration Store Size](#estimating-migration-store-size): Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. ## Hard disk space requirements @@ -96,7 +96,7 @@ The space requirements report provides two elements, <**storeSize**> and & Additionally, USMT performs a compliance check for a required minimum of 250 MB of available disk space and won't create a store if the compliance check fails. -## Estimate migration store size +## Estimating migration store size Determine how much space you'll need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate the required space is to survey several computers to arrive at an average for the size of the store that you'll need. From 2f547b9835a6672b69040db959432f9ac974696a Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Wed, 2 Nov 2022 14:35:25 -0400 Subject: [PATCH 010/108] Metadata update deployment/usmt 8 --- ...rted-with-the-user-state-migration-tool.md | 2 +- .../usmt/migrate-application-settings.md | 10 +- .../usmt/migration-store-types-overview.md | 8 +- .../usmt/offline-migration-reference.md | 14 +-- .../usmt/understanding-migration-xml-files.md | 6 +- .../deployment/usmt/usmt-best-practices.md | 12 +- .../usmt/usmt-choose-migration-store-type.md | 8 +- .../usmt/usmt-command-line-syntax.md | 8 +- windows/deployment/usmt/usmt-common-issues.md | 28 ++--- .../usmt/usmt-common-migration-scenarios.md | 6 +- .../deployment/usmt/usmt-configxml-file.md | 2 +- .../usmt/usmt-conflicts-and-precedence.md | 4 +- .../usmt/usmt-custom-xml-examples.md | 4 +- .../usmt/usmt-customize-xml-files.md | 10 +- .../usmt/usmt-determine-what-to-migrate.md | 6 +- .../usmt-estimate-migration-store-size.md | 2 +- .../usmt/usmt-exclude-files-and-settings.md | 103 ++++++++++-------- ...files-from-a-compressed-migration-store.md | 86 +++++++-------- windows/deployment/usmt/usmt-faq.yml | 62 +++++------ .../usmt/usmt-general-conventions.md | 64 +++++------ 20 files changed, 217 insertions(+), 228 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 8eced69283..801dd76b13 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -17,7 +17,7 @@ This article outlines the general process that you should follow to migrate file ## In this topic -- [Step 1: Plan Your Migration](#step-1-plan-your-migration) +- [Step 1: Plan your migration](#step-1-plan-your-migration) - [Step 2: Collect files and settings from the source computer](#step-2-collect-files-and-settings-from-the-source-computer) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index a347a93ac0..27feed854b 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -21,7 +21,7 @@ This article doesn't contain information about how to migrate applications that ## In this topic -- [Before You Begin](#before-you-begin) +- [Before you begin](#before-you-begin) - [Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer](#step-1-verify-that-the-application-is-installed-on-the-source-computer-and-that-its-the-same-version-as-the-version-to-be-installed-on-the-destination-computer). @@ -147,10 +147,10 @@ To speed up the time it takes to collect and migrate the data, you can migrate o ## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) -[XML Elements Library](usmt-xml-elements-library.md) +[XML elements library](usmt-xml-elements-library.md) -[Log Files](usmt-log-files.md) +[Log files](usmt-log-files.md) diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index a62267a2e4..cd170fadb4 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -17,11 +17,11 @@ When planning your migration, you should determine which migration store type be ## In this topic -[Migration Store Types](#migration-store-types) +[Migration store types](#migration-store-types) -[Local Store vs. Remote Store](#local-store-vs-remote-store) +[Local store vs. remote store](#local-store-vs-remote-store) -[The /localonly Command-Line Option](#the-localonly-command-line-option) +[The /localonly command-line option](#the-localonly-command-line-option) ## Migration store types @@ -60,4 +60,4 @@ You should use this option to exclude the data from removable drives and network ## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index c30fb31706..4a60f02043 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -29,17 +29,17 @@ When you use User State Migration Tool (USMT) 10.0 to gather and restore user st ## In this topic -- [What Will Migrate Offline?](#what-will-migrate-offline) +- [What will migrate offline?](#what-will-migrate-offline) -- [What Offline Environments are Supported?](#what-offline-environments-are-supported) +- [What offline environments are supported?](#what-offline-environments-are-supported) -- [User-Group Membership and Profile Control](#user-group-membership-and-profile-control) +- [User-group membership and profile control](#user-group-membership-and-profile-control) -- [Command-Line Options](#command-line-options) +- [Command-line options](#command-line-options) -- [Environment Variables](#environment-variables) +- [Environment variables](#environment-variables) -- [Offline.xml Elements](#offlinexml-elements) +- [Offline.xml elements](#offlinexml-elements) ## What will migrate offline? @@ -173,4 +173,4 @@ The following XML example illustrates some of the elements discussed earlier in ## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index ba4b82c7f2..428ddf12a1 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-deploy --- -# Understanding Migration XML Files +# Understanding migration XML files You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the `MigDocs.xml` and `MigUser.xml` files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a `Config.xml` file to further customize your migration. @@ -445,6 +445,6 @@ You can use an XML schema (MigXML.xsd) file to validate the syntax of your custo ## Related articles -[Exclude Files and Settings](usmt-exclude-files-and-settings.md) +[Exclude files and settings](usmt-exclude-files-and-settings.md) -[Include Files and Settings](usmt-include-files-and-settings.md) +[Include files and settings](usmt-include-files-and-settings.md) diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index b72180f82f..e1f6f61c40 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -12,11 +12,11 @@ ms.topic: article ms.technology: itpro-deploy --- -# USMT Best Practices +# USMT best practices This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. -## General Best Practices +## General best practices - **Install applications before running the LoadState tool** @@ -24,7 +24,7 @@ This article discusses general and security-related best practices when using Us - **Don't use MigUser.xml and MigDocs.xml together** - If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the `/genmigxml` command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md). + If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the `/genmigxml` command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md). - **Use MigDocs.xml for a better migration experience** @@ -50,7 +50,7 @@ This article discusses general and security-related best practices when using Us If you decide to perform the migration while users are using the network, it's best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. -## Security Best Practices +## Security best practices As the authorized administrator, it is your responsibility to protect the privacy of the users and maintain security during and after the migration. In particular, you must consider the following issues: @@ -132,6 +132,6 @@ As the authorized administrator, it is your responsibility to protect the privac ## Related articles -[Migration Store Encryption](usmt-migration-store-encryption.md) +[Migration store encryption](usmt-migration-store-encryption.md) -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index 5c2fee2a99..0bf443f6a5 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -11,11 +11,11 @@ ms.topic: article ms.technology: itpro-deploy --- -# Choose a Migration Store Type +# Choose a migration store type One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers, and how much space is needed to create and host the migration store, whether you're using a local share, network share, or storage device. The final consideration is ensuring that user date integrity is maintained by encrypting the migration store. -## In This Section +## In this section | Link | Description | |--- |--- | @@ -26,6 +26,6 @@ One of the main considerations for planning your migration is to determine which ## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) +[User State Migration Tool (USMT) how-to topics](usmt-how-to.md) diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 5807186f04..74c1c3c801 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Command-line Syntax +# User State Migration Tool (USMT) command-line syntax The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. @@ -19,6 +19,6 @@ The User State Migration Tool (USMT) 10.0 migrates user files and settings durin | Link | Description | |--- |--- | -|[ScanState Syntax](usmt-scanstate-syntax.md)|Lists the command-line options for using the ScanState tool.| -|[LoadState Syntax](usmt-loadstate-syntax.md)|Lists the command-line options for using the LoadState tool.| -|[UsmtUtils Syntax](usmt-utilities.md)|Lists the command-line options for using the UsmtUtils tool.| +|[ScanState syntax](usmt-scanstate-syntax.md)|Lists the command-line options for using the ScanState tool.| +|[LoadState syntax](usmt-loadstate-syntax.md)|Lists the command-line options for using the LoadState tool.| +|[UsmtUtils syntax](usmt-utilities.md)|Lists the command-line options for using the UsmtUtils tool.| diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 151cba0fb1..48dcbd4b35 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -42,9 +42,9 @@ When you encounter a problem or error message during migration, you can use the > [!NOTE] > Running the ScanState and LoadState tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. -- Use the `/Verify` option with the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). +- Use the `/Verify` option with the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md). -- Use the `/Extract` option with the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). +- Use the `/Extract` option with the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). - Create a progress log using the `/Progress` option to monitor your migration. @@ -63,7 +63,7 @@ The following sections describe common user account problems. Expand the section ### I'm having problems creating local accounts on the destination computer -**Resolution:** For more information about creating accounts and migrating local accounts, see [Migrate User Accounts](usmt-migrate-user-accounts.md). +**Resolution:** For more information about creating accounts and migrating local accounts, see [Migrate user accounts](usmt-migrate-user-accounts.md). ### Not all of the user accounts were migrated to the destination computer @@ -182,15 +182,15 @@ The following sections describe common migration problems. Expand the section to **Resolution:** You can use the USMT XML schema (`MigXML.xsd`) to write and validate migration .xml files. Also see the XML examples in the following articles: -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) -[Exclude Files and Settings](usmt-exclude-files-and-settings.md) +[Exclude files and settings](usmt-exclude-files-and-settings.md) -[Reroute Files and Settings](usmt-reroute-files-and-settings.md) +[Reroute files and settings](usmt-reroute-files-and-settings.md) -[Include Files and Settings](usmt-include-files-and-settings.md) +[Include files and settings](usmt-include-files-and-settings.md) -[Custom XML Examples](usmt-custom-xml-examples.md) +[Custom XML examples](usmt-custom-xml-examples.md) ### After LoadState completes, the new desktop background doesn't appear on the destination computer @@ -246,7 +246,7 @@ The following sections describe common offline migration problems. Expand the se ### Some of my system settings don't migrate in an offline migration -**Cause:** Some system settings, such as desktop backgrounds and network printers, aren't supported in an offline migration. For more information, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) +**Cause:** Some system settings, such as desktop backgrounds and network printers, aren't supported in an offline migration. For more information, see [What does USMT migrate?](usmt-what-does-usmt-migrate.md) **Resolution:** In an offline migration, these system settings must be restored manually. @@ -268,7 +268,7 @@ Scanstate.exe /ui:S1-5-21-124525095-708259637-1543119021* The wild card (\*) at the end of the SID will migrate the *SID*\_Classes key as well. -You can also use patterns for SIDs that identify generic users or groups. For example, you can use the `/ue:*-500` option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](/troubleshoot/windows-server/identity/security-identifiers-in-windows). +You can also use patterns for SIDs that identify generic users or groups. For example, you can use the `/ue:*-500` option to exclude the local administrator accounts. For more information about Windows SIDs, see [Security identifiers](/windows-server/identity/ad-ds/manage/understand-security-identifiers). ### My script to wipe the disk fails after running the ScanState tool on a 64-bit system @@ -304,10 +304,10 @@ You should also reboot the machine. ## Related articles -[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) +[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) -[Frequently Asked Questions](usmt-faq.yml) +[Frequently asked questions](usmt-faq.yml) -[Return Codes](usmt-return-codes.md) +[Return codes](usmt-return-codes.md) -[UsmtUtils Syntax](usmt-utilities.md) +[UsmtUtils syntax](usmt-utilities.md) diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index ef212927fd..5d5b8343a8 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -123,8 +123,8 @@ A company is allocating 20 new computers to users in the accounting department. ## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) -[Choose a Migration Store Type](usmt-choose-migration-store-type.md) +[Choose a migration store type](usmt-choose-migration-store-type.md) -[Offline Migration Reference](offline-migration-reference.md) +[Offline migration reference](offline-migration-reference.md) diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 3311ec43eb..8c2219cf8e 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -487,4 +487,4 @@ Refer to the following sample `Config.xml` file for more details about items you ## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index 39baed7821..016e76bf24 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-deploy --- -# Conflicts and Precedence +# Conflicts and precedence When you include, exclude, and reroute files and settings, it's important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. @@ -260,4 +260,4 @@ During LoadState, all the files will be restored, overwriting the existing files ## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 42026f9560..4f063c6db3 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -276,6 +276,6 @@ The behavior for this custom .xml file is described within the `` t ## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) -[Customize USMT XML Files](usmt-customize-xml-files.md) +[Customize USMT XML files](usmt-customize-xml-files.md) diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 3d2694b9a9..28ed11ef7d 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -11,9 +11,9 @@ ms.topic: article ms.technology: itpro-deploy --- -# Customize USMT XML Files +# Customize USMT XML files -## In This Topic +## In this topic [Overview](#overview) @@ -102,7 +102,7 @@ In addition, note the following functionality with the `Config.xml` file: `loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:5 /decrypt /key:"mykey"` -## Additional Information +## Additional information - For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). @@ -112,6 +112,6 @@ In addition, note the following functionality with the `Config.xml` file: ## Related articles -[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) +[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md) -[USMT Resources](usmt-resources.md) +[USMT resources](usmt-resources.md) diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 3c8c9cd5a6..4050e3d353 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-deploy --- -# Determine What to Migrate +# Determine what to migrate By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. @@ -27,7 +27,7 @@ To reduce complexity and increase standardization, your organization should cons Using an SOE can vastly simplify the migration and reduce overall deployment challenges. -## In This Section +## In this section | Link | Description | |--- |--- | @@ -38,4 +38,4 @@ Using an SOE can vastly simplify the migration and reduce overall deployment cha ## Related articles -[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) +[What does USMT migrate?](usmt-what-does-usmt-migrate.md) diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 20ca21f7ca..75de1c490f 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -115,4 +115,4 @@ When trying to determine how much disk space you'll need, consider the following ## Related articles -[Common Migration Scenarios](usmt-common-migration-scenarios.md) +[Common migration scenarios](usmt-common-migration-scenarios.md) diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 8d74279363..0c1da07221 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -11,39 +11,43 @@ ms.topic: article ms.technology: itpro-deploy --- -# Exclude Files and Settings -When you specify the migration .xml files, MigApp.xml, Migdocs, and MigUser.xml, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a Config.xml file to exclude an entire component from a migration. You cannot, however, exclude users by using the migration .xml files or the Config.xml file. The only way to specify which users to include and exclude is by using the User options on the command line in the ScanState tool. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md). +# Exclude files and settings -In this topic: +When you specify the migration .xml files, `MigApp.xml`, `Migdocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the User options on the command line in the ScanState tool. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md). -- [Create a custom .xml file](#create-a-custom-xml-file). You can use the following elements to specify what to exclude: +## In this topic - - include and exclude: You can use the <include> and <exclude> elements to exclude objects with conditions. For example, you can migrate all files located in the C:\\ drive, except any .mp3 files. It is important to remember that [Conflicts and Precedence](usmt-conflicts-and-precedence.md) apply to these elements. +- [Create a custom .xml file](#create-a-custom-xml-file). You can use the following elements to specify what to exclude: - - [unconditionalExclude](#example-1-how-to-migrate-all-files-from-c-except-mp3-files): You can use the <unconditionalExclude> element to globally exclude data. This element takes precedence over all other include and exclude rules in the .xml files. Therefore, this element excludes objects regardless of any other <include> rules that are in the .xml files. For example, you can exclude all .mp3 files on the computer, or you can exclude all files from C:\\UserData. + - include and exclude: You can use the **<include>** and **<exclude>** elements to exclude objects with conditions. For example, you can migrate all files located in the C:\\ drive, except any .mp3 files. It's important to remember that [Conflicts and Precedence](usmt-conflicts-and-precedence.md) apply to these elements. -- [Create a Config.xml File](#create-a-config-xml-file): You can create and modify a Config.xml file to exclude an entire component from the migration. For example, you can use this file to exclude the settings for one of the default applications. In addition, creating and modifying a Config.xml file is the only way to exclude the operating-system settings that are migrated to computers running Windows. Excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. + - [unconditionalExclude](#example-1-how-to-migrate-all-files-from-c-except-mp3-files): You can use the **<unconditionalExclude>** element to globally exclude data. This element takes precedence over all other include and exclude rules in the .xml files. Therefore, this element excludes objects regardless of any other **<include>** rules that are in the .xml files. For example, you can exclude all .mp3 files on the computer, or you can exclude all files from C:\\UserData. + +- [Create a Config.xml File](#create-a-config-xml-file): You can create and modify a `Config.xml` file to exclude an entire component from the migration. For example, you can use this file to exclude the settings for one of the default applications. In addition, creating and modifying a `Config.xml` file is the only way to exclude the operating-system settings that are migrated to computers running Windows. Excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. ## Create a custom .xml file -We recommend that you create a custom .xml file instead of modifying the default migration .xml files. When you use a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. + +We recommend that you create a custom .xml file instead of modifying the default migration .xml files. When you use a custom .xml file, you can keep your changes separate from the default .xml file, which makes it easier to track your modifications. ### <include> and <exclude> -The migration .xml files, MigApp.xml, MigDocs, and MigUser.xml, contain the <component> element, which typically represents a self-contained component or an application such as Microsoft® Office Outlook® and Word. To exclude the files and registry settings that are associated with these components, use the <include> and <exclude> elements. For example, you can use these elements to migrate all files and settings with pattern X except files and settings with pattern Y, where Y is more specific than X. For the syntax of these elements, see [USMT XML Reference](usmt-xml-reference.md). -**Note**   -If you specify an <exclude> rule, always specify a corresponding <include> rule. Otherwise, if you do not specify an <include> rule, the specific files or settings will not be included. They will already be excluded from the migration. Thus, an unaccompanied <exclude> rule is unnecessary. +The migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, contain the **<component>** element, which typically represents a self-contained component or an application such as Microsoft® Office Outlook® and Word. To exclude the files and registry settings that are associated with these components, use the **<include>** and **<exclude>** elements. For example, you can use these elements to migrate all files and settings with pattern X except files and settings with pattern Y, where Y is more specific than X. For the syntax of these elements, see [USMT XML Reference](usmt-xml-reference.md). -- [Example 1: How to migrate all files from C:\\ except .mp3 files](#example-1-how-to-migrate-all-files-from-c-except-mp3-files) +> [!NOTE] +> If you specify an **<exclude>** rule, always specify a corresponding **<include>** rule. Otherwise, if you do not specify an **<include>** rule, the specific files or settings will not be included. They will already be excluded from the migration. Thus, an unaccompanied **<exclude>** rule is unnecessary. -- [Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp](#example-2-how-to-migrate-all-files-located-in-cdata-except-files-in-cdatatmp) +- [Example 1: How to migrate all files from C:\\ except .mp3 files](#example-1-how-to-migrate-all-files-from-c-except-mp3-files) -- [Example 3: How to exclude the files in a folder but include all subfolders](#example-3-how-to-exclude-the-files-in-a-folder-but-include-all-subfolders) +- [Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp](#example-2-how-to-migrate-all-files-located-in-cdata-except-files-in-cdatatmp) -- [Example 4: How to exclude a file from a specific folder](#example-4-how-to-exclude-a-file-from-a-specific-folder) +- [Example 3: How to exclude the files in a folder but include all subfolders](#example-3-how-to-exclude-the-files-in-a-folder-but-include-all-subfolders) -- [Example 5: How to exclude a file from any location](#example-5-how-to-exclude-a-file-from-any-location) +- [Example 4: How to exclude a file from a specific folder](#example-4-how-to-exclude-a-file-from-a-specific-folder) + +- [Example 5: How to exclude a file from any location](#example-5-how-to-exclude-a-file-from-any-location) ### Example 1: How to migrate all files from C:\\ except .mp3 files + The following .xml file migrates all files located on the C: drive, except any .mp3 files. ``` xml @@ -68,8 +72,10 @@ The following .xml file migrates all files located on the C: drive, except any . ``` -### Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp -The following .xml file migrates all files and subfolders in C:\\Data, except the files and subfolders in C:\\Data\\tmp. + +### Example 2: How to migrate all files located in `C:\Data` except files in `C:\Data\tmp` + +The following .xml file migrates all files and subfolders in `C:\Data`, except the files and subfolders in `C:\Data\tmp`. ``` xml @@ -94,7 +100,8 @@ The following .xml file migrates all files and subfolders in C:\\Data, except th ``` ### Example 3: How to exclude the files in a folder but include all subfolders -The following .xml file migrates any subfolders in C:\\EngineeringDrafts, but excludes all files that are in C:\\EngineeringDrafts. + +The following .xml file migrates any subfolders in `C:\`EngineeringDrafts`, but excludes all files that are in `C:\EngineeringDrafts`. ``` xml @@ -119,7 +126,8 @@ The following .xml file migrates any subfolders in C:\\EngineeringDrafts, but ex ``` ### Example 4: How to exclude a file from a specific folder -The following .xml file migrates all files and subfolders in C:\\EngineeringDrafts, except for the Sample.doc file in C:\\EngineeringDrafts. + +The following .xml file migrates all files and subfolders in `C:\EngineeringDrafts`, except for the `Sample.doc` file in `C:\EngineeringDrafts`. ``` xml @@ -144,22 +152,26 @@ The following .xml file migrates all files and subfolders in C:\\EngineeringDraf ``` ### Example 5: How to exclude a file from any location -To exclude a Sample.doc file from any location on the C: drive, use the <pattern> element. If multiple files exist with the same name on the C: drive, all of these files will be excluded. + +To exclude a Sample.doc file from any location on the C: drive, use the **<pattern>** element. If multiple files exist with the same name on the C: drive, all of these files will be excluded. ``` xml C:\* [Sample.doc] ``` -To exclude a Sample.doc file from any drive on the computer, use the <script> element. If multiple files exist with the same name, all of these files will be excluded. +To exclude a Sample.doc file from any drive on the computer, use the **<script>** element. If multiple files exist with the same name, all of these files will be excluded. ``` xml ``` + #### Examples of how to use XML to exclude files, folders, and registry keys + Here are some examples of how to use XML to exclude files, folders, and registry keys. For more info, see [USMT XML Reference](usmt-xml-reference.md) -**Example 1: How to exclude all .mp3 files**
-The following .xml file excludes all .mp3 files from the migration: +##### Example 1: How to exclude all .mp3 files + +The following .xml file excludes all `.mp3` files from the migration: ``` xml @@ -177,7 +189,9 @@ The following .xml file excludes all .mp3 files from the migration: ``` -**Example 2: How to exclude all of the files on a specific drive**
+ +##### Example 2: How to exclude all of the files on a specific drive + The following .xml file excludes only the files located on the C: drive. ``` xml @@ -196,8 +210,10 @@ The following .xml file excludes only the files located on the C: drive. ``` -**Example 3: How to exclude registry keys**
-The following .xml file unconditionally excludes the HKEY_CURRENT_USER registry key and all of its subkeys. + +##### Example 3: How to exclude registry keys + +The following .xml file unconditionally excludes the `HKEY_CURRENT_USER` registry key and all of its subkeys. ``` xml @@ -221,8 +237,10 @@ The following .xml file unconditionally excludes the HKEY_CURRENT_USER registry ``` -**Example 4: How to Exclude `C:\Windows` and `C:\Program Files`**
-The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all \*.docx, \*.xls and \*.ppt files will not be migrated because the <unconditionalExclude> element takes precedence over the <include> element. + +##### Example 4: How to Exclude `C:\Windows` and `C:\Program Files` + +The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all `*.docx`, `*.xls` and `*.ppt` files won't be migrated because the **<unconditionalExclude>** element takes precedence over the **<include>** element. ``` xml @@ -249,29 +267,24 @@ The following .xml file unconditionally excludes the system folders of `C:\Windo ``` + ## Create a Config XML File -You can create and modify a Config.xml file if you want to exclude components from the migration. Excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. Config.xml is an optional file that you can create using the **/genconfig** command-line option with the ScanState tool. For example, you can use the Config.xml file to exclude the settings for one of the default applications. In addition, creating and modifying this file is the only way to exclude the operating-system settings that are migrated to computers running Windows. -- **To exclude the settings for a default application:** Specify `migrate="no"` for the application under the <Applications> section of the Config.xml file. +You can create and modify a `Config.xml` file if you want to exclude components from the migration. Excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. `Config.xml` is an optional file that you can create using the `/genconfig` command-line option with the ScanState tool. For example, you can use the `Config.xml` file to exclude the settings for one of the default applications. In addition, creating and modifying this file is the only way to exclude the operating-system settings that are migrated to computers running Windows. -- **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the <WindowsComponents> section. +- **To exclude the settings for a default application:** Specify `migrate="no"` for the application under the **<Applications>** section of the `Config.xml` file. -- **To exclude My Documents:** Specify `migrate="no"` for My Documents under the <Documents> section. Note that any <include> rules in the .xml files will still apply. For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files will not. +- **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the **<WindowsComponents>** section. -See [Config.xml File](usmt-configxml-file.md) for more information. - -**Note**   -To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. - -## Related topics -- [Customize USMT XML Files](usmt-customize-xml-files.md) -- [USMT XML Reference](usmt-xml-reference.md) - - - - +- **To exclude My Documents:** Specify `migrate="no"` for **My Documents** under the **<Documents>** section. Note that any **<include>** rules in the .xml files will still apply. For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files won't. +For more information, see [Config.xml File](usmt-configxml-file.md). +> [!NOTE] +> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. +## Related articles +- [Customize USMT XML files](usmt-customize-xml-files.md) +- [USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index a1df56c1b1..47f0de9169 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -11,110 +11,100 @@ ms.topic: article ms.technology: itpro-deploy --- -# Extract Files from a Compressed USMT Migration Store +# Extract files from a compressed USMT migration store +When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **USMTUtils** command with the `/extract` option to recover the files from the compressed migration store. You can also use the **USMTUtils** command with the `/extract` option any time you need to recover data from a migration store. -When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **Usmtutils** command with the **/extract** option to recover the files from the compressed migration store. You can also use the **Usmtutils** command with the **/extract** option any time you need to recover data from a migration store. +Options used with the `/extract` option can specify: -Options used with the **/extract** option can specify: +- The cryptographic algorithm that was used to create the migration store. -- The cryptographic algorithm that was used to create the migration store. +- The encryption key or the text file that contains the encryption key. -- The encryption key or the text file that contains the encryption key. +- Include and exclude patterns for selective data extraction. -- Include and exclude patterns for selective data extraction. - -In addition, you can specify the file patterns that you want to extract by using the **/i** option to include file patterns or the **/e** option to exclude file patterns. When both the **/i** option and the **/e** option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the ScanState and LoadState tools. +In addition, you can specify the file patterns that you want to extract by using the `/i` option to include file patterns or the `/e` option to exclude file patterns. When both the `/i` option and the `/e` option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the ScanState and LoadState tools. ## In this topic +- [To run the USMTUtils tool with the /extract option](#to-run-the-usmtutils-tool-with-the-extract-option) -- [To run the USMTutils tool with the /extract option](#bkmk-extractsyntax) +- [To extract all files from a compressed migration store](#to-extract-all-files-from-a-compressed-migration-store) -- [To extract all files from a compressed migration store](#bkmk-extractallfiles) +- [To extract specific file types from an encrypted compressed migration store](#to-extract-specific-file-types-from-an-encrypted-compressed-migration-store) -- [To extract specific file types from an encrypted compressed migration store](#bkmk-extractspecificfiles) +- [To extract all but one, or more, file types from an encrypted compressed migration store](#to-extract-all-but-one-or-more-file-types-from-an-encrypted-compressed-migration-store) -- [To extract all but one, or more, file types from an encrypted compressed migration store](#bkmk-excludefilepattern) +- [To extract file types using the include pattern and the exclude pattern](#to-extract-file-types-using-the-include-pattern-and-the-exclude-pattern) -- [To extract file types using the include pattern and the exclude pattern](#bkmk-includeexcludefiles) +### To run the USMTUtils tool with the /extract option -### To run the USMTutils tool with the /extract option +To extract files from the compressed migration store onto the destination computer, use the following USMTUtils syntax: -To extract files from the compressed migration store onto the destination computer, use the following USMTutils syntax: - -Cd /d <USMTpath> usmtutils /extract <filePath> <destinationPath> \[/i:<includePattern>\] \[/e:<excludePattern>\] \[/l:<logfile>\] \[/decrypt\[:<AlgID>\] {/key:<keystring> | /keyfile:<filename>}\] \[/o\] +``` syntax +usmtutils.exe /extract [/i:] [/e:] [/l:] [/decrypt[:] {/key: | /keyfile:}] [/o] +``` Where the placeholders have the following values: -- *<USMTpath>* is the location where you have saved the USMT files and tools. +- **<USMTpath>** is the location where you have saved the USMT files and tools. -- *<filePath>* is the location of the migration store. +- **<filePath>** is the location of the migration store. -- *<destination path>* is the location of the file where you want the **/extract** option to put the extracted migration store contents. +- **<destination path>** is the location of the file where you want the **/extract** option to put the extracted migration store contents. -- *<includePattern>* specifies the pattern for the files to include in the extraction. +- **<includePattern>** specifies the pattern for the files to include in the extraction. -- *<excludePattern>* specifies the pattern for the files to omit from the extraction. +- **<excludePattern>** specifies the pattern for the files to omit from the extraction. -- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line. +- **<AlgID>** is the cryptographic algorithm that was used to create the migration store on the `scanstate.exe` command line. -- *<logfile>* is the location and name of the log file. +- **<logfile>** is the location and name of the log file. -- *<keystring>* is the encryption key that was used to encrypt the migration store. +- **<keystring>** is the encryption key that was used to encrypt the migration store. -- *<filename>* is the location and name of the text file that contains the encryption key. +- **<filename>** is the location and name of the text file that contains the encryption key. -### To extract all files from a compressed migration store +### To extract all files from a compressed migration store To extract everything from a compressed migration store to a file on the C:\\ drive, type: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore +usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore ``` -### To extract specific file types from an encrypted compressed migration store +### To extract specific file types from an encrypted compressed migration store To extract specific files, such as .txt and .pdf files, from an encrypted compressed migration store, type: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt +usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt ``` In this example, the file is encrypted and the encryption key is located in a text file called encryptionKey. -### To extract all but one, or more, file types from an encrypted compressed migration store +### To extract all but one, or more, file types from an encrypted compressed migration store To extract all files except for one file type, such as .exe files, from an encrypted compressed migration store, type: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt +usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt ``` -### To extract file types using the include pattern and the exclude pattern +### To extract file types using the include pattern and the exclude pattern To extract files from a compressed migration store, and to exclude files of one type (such as .exe files) while including only specific files, use both the include pattern and the exclude pattern, as in this example: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o +usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o ``` In this example, if there is a myProject.exe file, it will also be extracted because the include pattern option takes precedence over the exclude pattern option. -## Related topics - - -[UsmtUtils Syntax](usmt-utilities.md) - -[Return Codes](usmt-return-codes.md) - -[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md) - -  - -  - - +## Related articles +[USMTUtils syntax](usmt-utilities.md) +[Return codes](usmt-return-codes.md) +[Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md) diff --git a/windows/deployment/usmt/usmt-faq.yml b/windows/deployment/usmt/usmt-faq.yml index 2b20b25a26..f058fa2a8d 100644 --- a/windows/deployment/usmt/usmt-faq.yml +++ b/windows/deployment/usmt/usmt-faq.yml @@ -1,7 +1,7 @@ ### YamlMime:FAQ metadata: title: 'Frequently Asked Questions (Windows 10)' - description: 'Learn about frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.' + description: 'Learn about frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.' ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b ms.reviewer: author: frankroj @@ -15,7 +15,7 @@ metadata: ms.topic: faq title: Frequently Asked Questions summary: | - The following sections provide frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0. + The following sections provide frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0. sections: @@ -24,7 +24,7 @@ sections: - question: | How much space is needed on the destination computer? answer: | - The destination computer needs enough available space for the following: + The destination computer needs enough available space for the following items: - Operating system @@ -35,100 +35,100 @@ sections: - question: | Can I store the files and settings directly on the destination computer or do I need a server? answer: | - You do not need to save the files to a server. If you are moving the user state to a new computer, you can create the store on a shared folder, on media that you can remove, such as a USB flash drive (UFD), or you can store it directly on the destination computer, as in the following steps: + You don't need to save the files to a server. If you're moving the user state to a new computer, you can create the store on a shared folder, on media that you can remove, such as a USB flash drive (UFD), or you can store it directly on the destination computer, as in the following steps: - 1. Create and share the directory C:\\store on the destination computer. + 1. Create and share the directory `C:\store` on the destination computer. - 2. Run the ScanState tool on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store + 2. Run the **ScanState** tool on the source computer and save the files and settings to `\\\store` - 3. Run the LoadState tool on the destination computer and specify C:\\store as the store location. + 3. Run the **LoadState** tool on the destination computer and specify `C:\store` as the store location. - question: | Can I migrate data between operating systems with different languages? answer: | - No. USMT does not support migrating data between operating systems with different languages; the source computer's operating-system language must match the destination computer's operating-system language. + No. USMT doesn't support migrating data between operating systems with different languages; the source computer's operating-system language must match the destination computer's operating-system language. - question: | Can I change the location of the temporary directory on the destination computer? answer: | - Yes. The environment variable USMT\_WORKING\_DIR can be changed to an alternative temporary directory. There are some offline migration scenarios where this is necessary, for example, when the USMT binaries are located on read-only Windows Preinstallation Environment (WinPE) boot media. + Yes. The environment variable `USMT\_WORKING\_DIR` can be changed to an alternative temporary directory. There are some offline migration scenarios where changing the temporary directory is necessary, for example, when the USMT binaries are located on read-only Windows Preinstallation Environment (WinPE) boot media. - question: | How do I install USMT? answer: | - Because USMT is included in Windows Assessment and Deployment Kit (Windows ADK), you need to install the Windows ADK package on at least one computer in your environment. However, the USMT binaries are designed to be deployed using xcopy. This means that they are installed on a computer simply by recursively copying the USMT directory from the computer containing the Windows ADK to each client computer. + Because USMT is included in Windows Assessment and Deployment Kit (Windows ADK), you need to install the Windows ADK package on at least one computer in your environment. The USMT binaries can then be copied from the USMT directory located on the original computer where the Windows ADK was installed to additional client computers. - question: | How do I uninstall USMT? answer: | - If you have installed the Windows ADK on the computer, uninstalling Windows ADK will uninstall USMT. For client computers that do not have the Windows ADK installed, you can simply delete the USMT directory to uninstall USMT. + If you've installed the Windows ADK on the computer, uninstalling Windows ADK will uninstall USMT. For client computers that don't have the Windows ADK installed, you can delete the USMT directory to uninstall USMT. - name: Files and Settings questions: - question: | How can I exclude a folder or a certain type of file from the migration? answer: | - You can use the **<unconditionalExclude>** element to globally exclude data from the migration. For example, you can use this element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. This element excludes objects regardless of any other <include> rules that are in the .xml files. For an example, see <unconditionalExclude> in the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. For the syntax of this element, see [XML Elements Library](usmt-xml-elements-library.md). + You can use the **<unconditionalExclude>** element to globally exclude data from the migration. For example, you can use this element to exclude all MP3 files on the computer or to exclude all files from `C:\UserData`. This element excludes objects regardless of any other **<include>** rules that are in the .xml files. For an example, see **<unconditionalExclude>** in the [Exclude files and settings](usmt-exclude-files-and-settings.md) article. For the syntax of this element, see [XML elements library](usmt-xml-elements-library.md). - question: | - What happens to files that were located on a drive that does not exist on the destination computer? + What happens to files that were located on a drive that don't exist on the destination computer? answer: | - USMT migrates the files to the %SystemDrive% while maintaining the correct folder hierarchy. For example, if E:\\data\\File.pst is on the source computer, but the destination computer does not have an E:\\ drive, the file will be migrated to C:\\data\\File.pst, if C:\\ is the system drive. This holds true even when <locationModify> rules attempt to move data to a drive that does not exist on the destination computer. + USMT migrates the files to the `%SystemDrive%` while maintaining the correct folder hierarchy. For example, if `E:\data\File.pst` is on the source computer, but the destination computer doesn't have an E:\\ drive, the file will be migrated to `C:\data\File.pst`, if C:\\ is the system drive. This behavior holds true even when **<locationModify>** rules attempt to move data to a drive that doesn't exist on the destination computer. - name: USMT .xml Files questions: - question: | Where can I get examples of USMT .xml files? answer: | - The following topics include examples of USMT .xml files: + The following articles include examples of USMT .xml files: - - [Exclude Files and Settings](usmt-exclude-files-and-settings.md) + - [Exclude files and settings](usmt-exclude-files-and-settings.md) - - [Reroute Files and Settings](usmt-reroute-files-and-settings.md) + - [Reroute files and settings](usmt-reroute-files-and-settings.md) - - [Include Files and Settings](usmt-include-files-and-settings.md) + - [Include files and settings](usmt-include-files-and-settings.md) - - [Custom XML Examples](usmt-custom-xml-examples.md) + - [Custom XML examples](usmt-custom-xml-examples.md) - question: | Can I use custom .xml files that were written for USMT 5.0? answer: | - Yes. You can use custom .xml files that were written for USMT 5.0 with USMT for Windows 10. However, in order to use new USMT functionality, you must revisit your custom USMT files and refresh them to include the new command-line options and XML elements. + Yes. You can use custom .xml files that were written for USMT 5.0 with USMT for Windows 10. However, in order to use new USMT functionality, you must revisit your custom USMT files and refresh them to include the new command-line options and XML elements. - question: | How can I validate the .xml files? answer: | - You can use the USMT XML Schema (MigXML.xsd) to write and validate migration .xml files. + You can use the USMT XML Schema (`MigXML.xsd`) to write and validate migration .xml files. - question: | - Why must I list the .xml files with both the ScanState and LoadState commands? + Why must I list the .xml files with both the `ScanState.exe` and `LoadState.exe` commands? answer: | - The .xml files are not copied to the store as in previous versions of USMT. Because the ScanState and LoadState tools need the .xml files to control the migration, you must specify the same set of .xml files for the **ScanState** and **LoadState** commands. If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. However, you do not have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file with the **LoadState** command. **LoadState** will migrate only the files and settings that you want to migrate. + The .xml files aren't copied to the store as in previous versions of USMT. Because the **ScanState** and **LoadState** tools need the .xml files to control the migration, you must specify the same set of .xml files for the `ScanState.exe` and `LoadState.exe` commands. If you used a particular set of mig\*.xml files in the **ScanState** tool, either called through the `/auto` option, or individually through the `/i` option, then you should use same option to call the exact same mig\*.xml files in the **LoadState** tool. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the **My Documents** folder to the store, but not to the destination computer. To do this type of migration, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. **LoadState** will migrate only the files and settings that you want to migrate. - If you exclude an .xml file from the **LoadState** command, then all of the data that is in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified for the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data. + If you exclude an .xml file from the `LoadState.exe` command, then all of the data that is in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified for the `ScanState.exe` command won't apply. For example, if you exclude a `MigApp.xml` file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT won't reroute the files. Instead, it will migrate them to `C:\data`. - question: | Which files can I modify and specify on the command line? answer: | - You can specify the MigUser.xml and MigApp.xml files on the command line. You can modify each of these files. The migration of operating system settings is controlled by the manifests, which you cannot modify. If you want to exclude certain operating-system settings or any other components, create and modify the Config.xml file. + You can specify the `MigUser.xml` and `MigApp.xml` files on the command line. You can modify each of these files. The migration of operating system settings is controlled by the manifests, which you can't modify. If you want to exclude certain operating-system settings or any other components, create and modify the `Config.xml` file. - question: | - What happens if I do not specify the .xml files on the command line? + What happens if I don't specify the .xml files on the command line? answer: | - **ScanState** - If you do not specify any files with the **ScanState** command, all user accounts and default operating system components are migrated. + If you don't specify any files with the `ScanState.exe` command, all user accounts and default operating system components are migrated. - **LoadState** - If you do not specify any files with the **LoadState** command, all data that is in the store is migrated. However, any target-specific migration rules that were specified in .xml files with the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data. + If you don't specify any files with the `LoadState.exe` command, all data that is in the store is migrated. However, any target-specific migration rules that were specified in .xml files with the `ScanState.exe` command won't apply. For example, if you exclude a `MigApp.xml` file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT won't reroute the files. Instead, it will migrate them to `C:\data`. - name: Conflicts and Precedence questions: - question: | What happens when there are conflicting XML rules or conflicting objects on the destination computer? answer: | - For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + For more information, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). additionalContent: | @@ -137,6 +137,6 @@ additionalContent: | [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) - [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md) + [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md) - [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md) + [Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md) diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md index 77678c8365..15d1d625c2 100644 --- a/windows/deployment/usmt/usmt-general-conventions.md +++ b/windows/deployment/usmt/usmt-general-conventions.md @@ -11,53 +11,49 @@ ms.topic: article ms.technology: itpro-deploy --- -# General Conventions - +# General conventions This topic describes the XML helper functions. -## In This Topic +## In this topic +[General XML guidelines](#general-xml-guidelines) -[General XML Guidelines](#bkmk-general) - -[Helper Functions](#bkmk-helperfunctions) - -## General XML Guidelines +[Helper functions](#helper-functions) +## General XML guidelines Before you modify the .xml files, become familiar with the following guidelines: -- **XML schema** +- **XML schema** - You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files. + You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files. -- **Conflicts** +- **Conflicts** - In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). -- **Required elements** +- **Required elements** The required elements for a migration .xml file are **<migration>**, **<component>**, **<role>**, and **<rules>**. -- **Required child elements** +- **Required child elements** - - USMT does not fail with an error if you do not specify the required child elements. However, you must specify the required child elements for the parent element to affect the migration. + - USMT doesn't fail with an error if you don't specify the required child elements. However, you must specify the required child elements for the parent element to affect the migration. - - The required child elements apply only to the first definition of the element. If these elements are defined and then referred to using their name, the required child elements do not apply. For example, if you define `` in **<namedElements>**, and you specify `` in **<component>** to refer to this element, the definition inside **<namedElements>** must have the required child elements, but the **<component>** element does not need to have the required child elements. + - The required child elements apply only to the first definition of the element. If these elements are defined and then referred to using their name, the required child elements don't apply. For example, if you define `` in **<namedElements>**, and you specify `` in **<component>** to refer to this element, the definition inside **<namedElements>** must have the required child elements, but the **<component>** element doesn't need to have the required child elements. -- **File names with brackets** +- **File names with brackets** - If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named **file].txt**, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`. + If you're migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there's a file named **file].txt**, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`. -- **Using quotation marks** +- **Using quotation marks** When you surround code in quotation marks, you can use either double ("") or single (') quotation marks. -## Helper Functions +## Helper functions - -You can use the XML helper functions in the [XML Elements Library](usmt-xml-elements-library.md) to change migration behavior. Before you use these functions in an .xml file, note the following: +You can use the XML helper functions in the [XML elements library](usmt-xml-elements-library.md) to change migration behavior. Before you use these functions in an .xml file, note the following items: - **All of the parameters are strings** @@ -77,28 +73,18 @@ You can use the XML helper functions in the [XML Elements Library](usmt-xml-elem - **The encoded location used in all the helper functions is an unambiguous string representation for the name of an object** - It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. + It's composed of the node part, optionally followed by the leaf enclosed in square brackets. This format makes a clear distinction between nodes and leaves. - For example, specify the file C:\\Windows\\Notepad.exe: **c:\\Windows\[Notepad.exe\]**. Similarly, specify the directory C:\\Windows\\System32 like this: **c:\\Windows\\System32**; note the absence of the \[\] characters. + For example, specify the file `C:\Windows\Notepad.exe`: **c:\\Windows\[Notepad.exe\]**. Similarly, specify the directory `C:\Windows\System32` like this: **c:\\Windows\\System32**; note the absence of the **\[\]** characters. - The registry is represented in a similar way. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key is **HKLM\\SOFTWARE\\MyKey\[\]**. + The registry is represented in a similar way. The default value of a registry key is represented as an empty **\[\]** construct. For example, the default value for the `HKLM\SOFTWARE\MyKey` registry key is **HKLM\\SOFTWARE\\MyKey\[\]**. - **You specify a location pattern in a way that is similar to how you specify an actual location** - The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. - - For example, the pattern **c:\\Windows\\\\*** will match the \\Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**. - -## Related topics - - -[USMT XML Reference](usmt-xml-reference.md) - - - - - - + The exception is that both the node and leaf part accept patterns. However, a pattern from the node doesn't extend to the leaf. + For example, the pattern **c:\\Windows\\\\\*** will match the `\Windows` directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**. +## Related articles +[USMT XML reference](usmt-xml-reference.md) From 02a9c2476cfd60fad8e6ec99962ece27a5a170cb Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Wed, 2 Nov 2022 16:25:10 -0400 Subject: [PATCH 011/108] Metadata update deployment/usmt 9 --- .../usmt/understanding-migration-xml-files.md | 96 ++++++------- .../usmt/usmt-choose-migration-store-type.md | 8 +- .../usmt/usmt-customize-xml-files.md | 12 +- .../usmt/usmt-determine-what-to-migrate.md | 10 +- .../usmt-estimate-migration-store-size.md | 8 +- .../usmt/usmt-exclude-files-and-settings.md | 4 +- .../usmt/usmt-hard-link-migration-store.md | 130 +++++++++-------- windows/deployment/usmt/usmt-how-it-works.md | 131 ++++++++---------- windows/deployment/usmt/usmt-how-to.md | 38 ++--- .../deployment/usmt/usmt-scanstate-syntax.md | 4 +- 10 files changed, 215 insertions(+), 226 deletions(-) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 428ddf12a1..25cebd9242 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -77,47 +77,47 @@ The default `MigDocs.xml` file migrates the following data: - Standard shared folders: - - CSIDL\_COMMON\_DESKTOPDIRECTORY + - CSIDL_COMMON_DESKTOPDIRECTORY - - CSIDL\_COMMON\_FAVORITES + - CSIDL_COMMON_FAVORITES - - CSIDL\_COMMON\_DOCUMENTS + - CSIDL_COMMON_DOCUMENTS - - CSIDL\_COMMON\_MUSIC + - CSIDL_COMMON_MUSIC - - CSIDL\_COMMON\_PICTURES + - CSIDL_COMMON_PICTURES - - CSIDL\_COMMON\_VIDEO + - CSIDL_COMMON_VIDEO - - FOLDERID\_PublicDownloads + - FOLDERID_PublicDownloads - Standard user-profile folders for each user: - - CSIDL\_MYDOCUMENTS + - CSIDL_MYDOCUMENTS - - CSIDL\_MYPICTURES + - CSIDL_MYPICTURES - - FOLDERID\_OriginalImages + - FOLDERID_OriginalImages - - CSIDL\_MYMUSIC + - CSIDL_MYMUSIC - - CSIDL\_MYVIDEO + - CSIDL_MYVIDEO - - CSIDL\_FAVORITES + - CSIDL_FAVORITES - - CSIDL\_DESKTOP + - CSIDL_DESKTOP - - CSIDL\_QUICKLAUNCH + - CSIDL_QUICKLAUNCH - - FOLDERID\_Contacts + - FOLDERID_Contacts - - FOLDERID\_Libraries + - FOLDERID_Libraries - - FOLDERID\_Downloads + - FOLDERID_Downloads - - FOLDERID\_SavedGames + - FOLDERID_SavedGames - - FOLDERID\_RecordedTV + - FOLDERID_RecordedTV The default `MigDocs.xml` file won't migrate the following data: @@ -139,21 +139,21 @@ The default `MigUser.xml` file migrates the following data: - All files from the standard user-profile folders, which are described as: - - CSIDL\_MYVIDEO + - CSIDL_MYVIDEO - - CSIDL\_MYMUSIC + - CSIDL_MYMUSIC - - CSIDL\_DESKTOP + - CSIDL_DESKTOP - - CSIDL\_STARTMENU + - CSIDL_STARTMENU - - CSIDL\_PERSONAL + - CSIDL_PERSONAL - - CSIDL\_MYPICTURES + - CSIDL_MYPICTURES - - CSIDL\_FAVORITES + - CSIDL_FAVORITES - - CSIDL\_QUICK LAUNCH + - CSIDL_QUICK LAUNCH - Files with the following extensions: @@ -295,49 +295,49 @@ The migration XML files contain two <component> elements with different ** The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: -- CSIDL\_COMMON\_DESKTOPDIRECTORY +- CSIDL_COMMON_DESKTOPDIRECTORY -- CSIDL\_COMMON\_FAVORITES +- CSIDL_COMMON_FAVORITES -- CSIDL\_COMMON\_DOCUMENTS +- CSIDL_COMMON_DOCUMENTS -- CSIDL\_COMMON\_MUSIC +- CSIDL_COMMON_MUSIC -- CSIDL\_COMMON\_PICTURES +- CSIDL_COMMON_PICTURES -- CSIDL\_COMMON\_VIDEO +- CSIDL_COMMON_VIDEO -- FOLDERID\_PublicDownloads +- FOLDERID_PublicDownloads #### User context The user context includes rules for data in the User Profiles directory. When called in a user context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: -- CSIDL\_MYDOCUMENTS +- CSIDL_MYDOCUMENTS -- CSIDL\_MYPICTURES +- CSIDL_MYPICTURES -- FOLDERID\_OriginalImages +- FOLDERID_OriginalImages -- CSIDL\_MYMUSIC +- CSIDL_MYMUSIC -- CSIDL\_MYVIDEO +- CSIDL_MYVIDEO -- CSIDL\_FAVORITES +- CSIDL_FAVORITES -- CSIDL\_DESKTOP +- CSIDL_DESKTOP -- CSIDL\_QUICKLAUNCH +- CSIDL_QUICKLAUNCH -- FOLDERID\_Contacts +- FOLDERID_Contacts -- FOLDERID\_Libraries +- FOLDERID_Libraries -- FOLDERID\_Downloads +- FOLDERID_Downloads -- FOLDERID\_SavedGames +- FOLDERID_SavedGames -- FOLDERID\_RecordedTV +- FOLDERID_RecordedTV > [!NOTE] > Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the `MigDocs.xml` files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index 0bf443f6a5..72982b364a 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -19,10 +19,10 @@ One of the main considerations for planning your migration is to determine which | Link | Description | |--- |--- | -|[Migration Store Types Overview](migration-store-types-overview.md)|Choose the migration store type that works best for your needs and migration scenario.| -|[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)|Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.| -|[Hard-Link Migration Store](usmt-hard-link-migration-store.md)|Learn about hard-link migration stores and the scenarios in which they're used.| -|[Migration Store Encryption](usmt-migration-store-encryption.md)|Learn about the using migration store encryption to protect user data integrity during a migration.| +|[Migration store types overview](migration-store-types-overview.md)|Choose the migration store type that works best for your needs and migration scenario.| +|[Estimate migration store size](usmt-estimate-migration-store-size.md)|Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.| +|[Hard-link migration store](usmt-hard-link-migration-store.md)|Learn about hard-link migration stores and the scenarios in which they're used.| +|[Migration store encryption](usmt-migration-store-encryption.md)|Learn about the using migration store encryption to protect user data integrity during a migration.| ## Related articles diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 28ed11ef7d..22adc255cd 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -61,11 +61,11 @@ This section describes the migration .xml files that are included with USMT. Eac - **The MigUser.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate user folders, files, and file types. You can modify the `MigUser.xml` file. This file doesn't contain rules that migrate specific user accounts. The only way to specify which user accounts to migrate is on the command line using the ScanState and the LoadState user options. > [!NOTE] -> Don't use the `MigUser.xml` and `MigDocs.xml` files together. For more information, see the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) and [USMT Best Practices](usmt-best-practices.md) articles. +> Don't use the `MigUser.xml` and `MigDocs.xml` files together. For more information, see the [Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md) and [USMT best practices](usmt-best-practices.md) articles. ## Custom .xml files -You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want `ScanState.exe` and `LoadState.exe` to use this file, specify it with both commands. For more information, see the [Custom XML Examples](usmt-custom-xml-examples.md) article. +You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want `ScanState.exe` and `LoadState.exe` to use this file, specify it with both commands. For more information, see the [Custom XML examples](usmt-custom-xml-examples.md) article. ## The Config.xml file @@ -75,7 +75,7 @@ If you want to include all of the default components, you don't need to create t When you run the `ScanState.exe` command with the `/genconfig` option, `ScanState.exe` reads the other .xml files that you specify using the `/i` option to create a custom list of components that can be migrated from the computer. This file will contain only operating system components, applications, and the user document sections that are in both of the .xml files and that are installed on the computer when you run the `ScanState.exe` command with the `/genconfig` option. Therefore, you should create this file on a source computer that contains all of the components, applications, and settings that will be present on the destination computers. Creating the file on the source computer will ensure that this file contains every component that can be migrated. The components are organized into sections: <Applications>, <WindowsComponents>, and <Documents>. To choose not to migrate a component, change its entry to `migrate="no"`. -After you create this file, you need to specify it only with the `ScanState.exe` command using the `/Config` option for it to affect the migration. However, if you want to exclude additional data that you migrated to the store, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. For example, if you collected the My Documents folder in the store, but you decide that you don't want to migrate the My Documents folder to a destination computer, you can modify the `Config.xml` file to indicate `migrate="no"` before you run the `LoadState.exe` command, and the file won't be migrated. For more information about the precedence that takes place when excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) article. +After you create this file, you need to specify it only with the `ScanState.exe` command using the `/Config` option for it to affect the migration. However, if you want to exclude additional data that you migrated to the store, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. For example, if you collected the My Documents folder in the store, but you decide that you don't want to migrate the My Documents folder to a destination computer, you can modify the `Config.xml` file to indicate `migrate="no"` before you run the `LoadState.exe` command, and the file won't be migrated. For more information about the precedence that takes place when excluding data, see the [Exclude files and settings](usmt-exclude-files-and-settings.md) article. In addition, note the following functionality with the `Config.xml` file: @@ -104,11 +104,11 @@ In addition, note the following functionality with the `Config.xml` file: ## Additional information -- For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). +- For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) how-to topics](usmt-how-to.md). -- For more information about each .xml element, see the [XML Elements Library](usmt-xml-elements-library.md) article. +- For more information about each .xml element, see the [XML elements library](usmt-xml-elements-library.md) article. -- For answers to common questions, see ".xml files" in the [Frequently Asked Questions](usmt-faq.yml) article. +- For answers to common questions, see ".xml files" in the [Frequently asked questions](usmt-faq.yml) article. ## Related articles diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 4050e3d353..ed6b5bc177 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Determine what to migrate -By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. +By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. However, when considering what settings to migrate, you should also consider what settings you would like the user to be able to configure, if any, and what settings you would like to standardize. Many organizations use their migration as an opportunity to create and begin enforcing a better-managed environment. Some of the settings that users can configure on unmanaged computers prior to the migration can be locked on the new, managed computers. For example, standard wallpaper, Internet Explorer security settings, and desktop configuration are some of the items you can choose to standardize. @@ -31,10 +31,10 @@ Using an SOE can vastly simplify the migration and reduce overall deployment cha | Link | Description | |--- |--- | -|[Identify Users](usmt-identify-users.md)|Use command-line options to specify which users to migrate and how they should be migrated.| -|[Identify Applications Settings](usmt-identify-application-settings.md)|Determine which applications you want to migrate and prepare a list of application settings to be migrated.| -|[Identify Operating System Settings](usmt-identify-operating-system-settings.md)|Use migration to create a new standard environment on each of the destination computers.| -|[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)|Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.| +|[Identify users](usmt-identify-users.md)|Use command-line options to specify which users to migrate and how they should be migrated.| +|[Identify applications settings](usmt-identify-application-settings.md)|Determine which applications you want to migrate and prepare a list of application settings to be migrated.| +|[Identify operating system settings](usmt-identify-operating-system-settings.md)|Use migration to create a new standard environment on each of the destination computers.| +|[Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md)|Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.| ## Related articles diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 75de1c490f..6c72dd6cb8 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -17,11 +17,11 @@ The disk space requirements for a migration are dependent on the size of the mig ## In this topic -- [Hard Disk Space Requirements](#hard-disk-space-requirements): Describes the disk space requirements for the migration store and other considerations on the source and destination computers. +- [Hard disk space requirements](#hard-disk-space-requirements): Describes the disk space requirements for the migration store and other considerations on the source and destination computers. -- [Calculate Disk Space Requirements Using the ScanState Tool](#calculate-disk-space-requirements-using-the-scanstate-tool): Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. +- [Calculate disk space requirements using the ScanState tool](#calculate-disk-space-requirements-using-the-scanstate-tool): Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. -- [Estimating Migration Store Size](#estimating-migration-store-size): Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. +- [Estimating migration store size](#estimating-migration-store-size): Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. ## Hard disk space requirements @@ -75,7 +75,7 @@ To run the ScanState tool on the source computer with USMT installed: Although a migration store isn't created by running this command, the *<StorePath>* is still a required parameter. -The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this condition in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). +The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this condition in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML files](usmt-customize-xml-files.md). > [!NOTE] > To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the `/p` option is still available in USMT without having to specify the path to a file. See [Monitoring Options](usmt-scanstate-syntax.md#monitoring-options) for more information. diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 0c1da07221..60c849c7ad 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Exclude files and settings -When you specify the migration .xml files, `MigApp.xml`, `Migdocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the User options on the command line in the ScanState tool. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md). +When you specify the migration .xml files, `MigApp.xml`, `Migdocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the User options on the command line in the ScanState tool. For more information, see [ScanState syntax](usmt-scanstate-syntax.md). ## In this topic @@ -23,7 +23,7 @@ When you specify the migration .xml files, `MigApp.xml`, `Migdocs.xml`, and `Mig - [unconditionalExclude](#example-1-how-to-migrate-all-files-from-c-except-mp3-files): You can use the **<unconditionalExclude>** element to globally exclude data. This element takes precedence over all other include and exclude rules in the .xml files. Therefore, this element excludes objects regardless of any other **<include>** rules that are in the .xml files. For example, you can exclude all .mp3 files on the computer, or you can exclude all files from C:\\UserData. -- [Create a Config.xml File](#create-a-config-xml-file): You can create and modify a `Config.xml` file to exclude an entire component from the migration. For example, you can use this file to exclude the settings for one of the default applications. In addition, creating and modifying a `Config.xml` file is the only way to exclude the operating-system settings that are migrated to computers running Windows. Excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. +- [Create a Config.xml file](#create-a-config-xml-file): You can create and modify a `Config.xml` file to exclude an entire component from the migration. For example, you can use this file to exclude the settings for one of the default applications. In addition, creating and modifying a `Config.xml` file is the only way to exclude the operating-system settings that are migrated to computers running Windows. Excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. ## Create a custom .xml file diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 0d5378225b..3992607617 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -13,158 +13,156 @@ ms.technology: itpro-deploy # Hard-Link Migration Store -A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this functionality is what makes *hard-link migration store* best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. +A **hard-link migration store** enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed. This functionality is what makes **hard-link migration store** best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. ## In this topic -[When to Use a Hard-Link Migration](#bkmk-when) +[When to use a hard-link migration](#when-to-use-a-hard-link-migration) -[Understanding a Hard-Link Migration](#bkmk-understandhardlinkmig) +[Understanding a hard-link migration](#understanding-a-hard-link-migration) -[Scenario](#bkmk-scenario) +[Hard-Link migration store details](#hard-link-migration-store-details) -[Hard-Link Migration Store Details](#bkmk-hardlinkstoredetails) +[Hard disk space](#hard-disk-space) -[Hard Disk Space](#bkmk-harddiskspace) +[Hard-Link store size estimation](#hard-link-store-size-estimation) -[Hard-Link Store Size Estimation](#bkmk-hardlinkstoresizeest) +[Migration store path on multiple volumes](#migration-store-path-on-multiple-volumes) -[Migration Store Path on Multiple Volumes](#bkmk-migstoremultvolumes) +[Location modifications](#location-modifications) -[Location Modifications](#bkmk-locationmodify) +[Migrating Encrypting File System (EFS) certificates and files](#migrating-encrypting-file-system-efs-certificates-and-files) -[Migrating Encrypting File System (EFS) Certificates and Files](#bkmk-efs) +[Migrating locked files with the hard-link migration store](#migrating-locked-files-with-the-hard-link-migration-store) -[Migrating Locked Files With the Hard-Link Migration Store](#bkmk-miglockedfiles) +[XML elements in the Config.xml file](#xml-elements-in-the-configxml-file) -[XML Elements in the Config.xml File](#bkmk-xmlelementsinconfig) - -## When to Use a Hard-Link Migration +## When to use a hard-link migration You can use a hard-link migration store when your planned migration meets both of the following criteria: -- You are upgrading the operating system on existing hardware rather than migrating to new computers. +- You're upgrading the operating system on existing hardware rather than migrating to new computers. -- You are upgrading the operating system on the same volume of the computer. +- You're upgrading the operating system on the same volume of the computer. -You cannot use a hard-link migration store if your planned migration includes any of the following tasks: +You can't use a hard-link migration store if your planned migration includes any of the following tasks: -- You are migrating data from one computer to a second computer. +- You're migrating data from one computer to a second computer. -- You are migrating data from one volume on a computer to another volume, for example from `C:` to `D:`. +- You're migrating data from one volume on a computer to another volume, for example from `C:` to `D:`. -- You are formatting or repartitioning the disk outside of Windows Setup, or specifying a disk format or repartition during Windows Setup that will remove the migration store. +- You're formatting or repartitioning the disk outside of Windows Setup, or specifying a disk format or repartition during Windows Setup that will remove the migration store. -## Understanding a Hard-Link Migration +## Understanding a hard-link migration -The hard-link migration store is created using the command-line option, **/hardlink**, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. +The hard-link migration store is created using the command-line option, `/hardlink`, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. -When you create a hard link, you give an existing file one more path. For instance, you could create a hard link to c:\\file1.txt called c:\\hard link\\myFile.txt. These two paths relate to the same file. If you open c:\\file1.txt, make changes, and save the file, you will see those changes when you open c:\\hard link\\myFile.txt. If you delete c:\\file1.txt, the file still exists on your computer as c:\\hardlink\\myFile.txt. You must delete both references to the file in order to delete the file. +When you create a hard link, you give an existing file one more path. For instance, you could create a hard link to `c:\file1.txt` called `c:\hard link\myFile.txt`. These two paths relate to the same file. If you open `c:\file1.txt`, make changes, and save the file, you'll see those changes when you open `c:\hard link\myFile.txt`. If you delete `c:\file1.txt`, the file still exists on your computer as `c:\hardlink\myFile.txt`. You must delete both references to the file in order to delete the file. > [!NOTE] > A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. For more information about hard links, see [Hard Links and Junctions](/windows/win32/fileio/hard-links-and-junctions) -In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place. +In most aspects, a hard-link migration store is identical to an uncompressed migration store. It's located where specified by the **Scanstate** command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store. However, as with creating the store, the same hard-link functionality is used to keep files in-place. -As a best practice, we recommend that you delete the hard-link migration store after you confirm that the Loadstate tool has successfully migrated the files. Since Loadstate has created new paths to the files on your new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files and will not delete the actual files or the paths to them from your new operating system. +As a best practice, it is recommended that you delete the hard-link migration store after you confirm that the **Loadstate** tool has successfully migrated the files. Since **Loadstate** has created new paths to the files on the new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files, and won't delete the actual files or the paths to them from the new operating system. > [!IMPORTANT] -> Using the **/c** option will force the Loadstate tool to continue applying files when non-fatal errors occur. If you use the **/c** option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. +> Using the `/c` option will force the **Loadstate** tool to continue applying files when non-fatal errors occur. If you use the `/c` option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. Keeping the hard-link migration store can result in extra disk space being consumed or problems with some applications for the following reasons: -- Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. +- Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. -- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that was not used to open the file in this application will continue to refer to the unmodified file. The unmodified file that is not in use is taking up more disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you are migrating the latest versions of all files. +- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that wasn't used to open the file in this application will continue to refer to the unmodified file. The unmodified file that isn't in use is taking up more disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you're migrating the latest versions of all files. -- Editing the file by using different paths simultaneously may result in data corruption. +- Editing the file by using different paths simultaneously may result in data corruption. > [!IMPORTANT] > The read-only file attribute on migrated files is lost when the hard-link migration store is deleted. This is due to a limitation in NTFS file system hard links. -## Hard-Link Migration Scenario +## Hard-link migration scenario -For example, a company has decided to deploy Windows 10 on all of their computers. Each employee will keep the same computer, but the operating system on each computer will be updated. +For example, a company has decided to deploy Windows 10 on all of their computers. Each employee will keep the same computer, but the operating system on each computer will be updated. -1. An administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink** command-line option. The ScanState tool saves the user state to a hard-link migration store on each computer, improving performance by reducing file duplication, except in certain specific instances. +1. An administrator runs the **ScanState** command-line tool on each computer, specifying the `/hardlink` command-line option. The **ScanState** tool saves the user state to a hard-link migration store on each computer, improving performance by reducing file duplication, except in certain specific instances. > [!NOTE] - > As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with Loadstate. + > As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with **LoadState**. -2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. +2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. -3. An administrator runs the LoadState command-line tool on each computer. The LoadState tool restores user state back on each computer. +3. An administrator runs the **LoadState** command-line tool on each computer. The **LoadState** tool restores user state back on each computer. > [!NOTE] > During the update of a domain-joined computer, the profiles of users whose SID cannot be resolved will not be migrated. When using a hard-link migration store, it could cause a data loss. -## Hard-Link Migration Store Details +## Hard-link migration store details This section provides details about hard-link migration stores. -### Hard Disk Space +### Hard disk space -The **/hardlink** command-line option proceeds with creating the migration store only if there are 250 megabytes (MB) of free space on the hard disk. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. +The `/hardlink` command-line option proceeds with creating the migration store only if there are 250 megabytes (MB) of free space on the hard disk. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. -### Hard-Link Store Size Estimation +### Hard-link store size estimation -It is not necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. +It isn't necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. -### Migration Store Path on Multiple Volumes +### Migration store path on multiple volumes Separate hard-link migration stores are created on each NTFS volume that contain data being migrated. In this scenario, the primary migration-store location will be specified on the command line, and should be the operating-system volume. Migration stores with identical names and directory names will be created on every volume containing data being migrated. For example: -`Scanstate /hardlink c:\USMTMIG […]` +`Scanstate.exe /hardlink c:\USMTMIG […]` Running this command on a system that contains the operating system on the C: drive and the user data on the D: drive will generate migration stores in the following locations, assuming that both drives are NTFS: -C:\\USMTMIG\\ +`C:\USMTMIG\` -D:\\USMTMIG\\ +`D:\USMTMIG\` -The drive you specify on the command line for the hard-link migration store is important, because it defines where the *master migration store* should be placed. The *master migration store* is the location where data migrating from non-NTFS volumes is stored. This volume must have enough space to contain all of the data that comes from non-NTFS volumes. As in other scenarios, if a migration store already exists at the specified path, the **/o** option must be used to overwrite the existing data in the store. +The drive you specify on the command line for the hard-link migration store is important, because it defines where the **master migration store** should be placed. The **master migration store** is the location where data migrating from non-NTFS volumes is stored. This volume must have enough space to contain all of the data that comes from non-NTFS volumes. As in other scenarios, if a migration store already exists at the specified path, the `/o` option must be used to overwrite the existing data in the store. -### Location Modifications +### Location modifications -Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This impact is because the migrating data that must cross system volumes cannot remain in the hard-link migration store, and must be copied across the system volumes. +Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This impact is because the migrating data that must cross system volumes can't remain in the hard-link migration store, and must be copied across the system volumes. -### Migrating Encrypting File System (EFS) Certificates and Files +### Migrating Encrypting File System (EFS) certificates and files -To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the **/efs:hardlink** option in the Scanstate command-line syntax. +To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the `/efs:hardlink` option in the `Scanstate.exe` command-line syntax. -If the EFS files are being restored to a different partition, you should use the **/efs:copyraw** option instead of the **/efs:hardlink** option. Hard links can only be created for files on the same volume. Moving the files to another partition during the migration requires a copy of the files to be created on the new partition. The **/efs:copyraw** option will copy the files to the new partition in encrypted format. +If the EFS files are being restored to a different partition, you should use the `/efs:copyraw` option instead of the `/efs:hardlink` option. Hard links can only be created for files on the same volume. Moving the files to another partition during the migration requires a copy of the files to be created on the new partition. The `/efs:copyraw` option will copy the files to the new partition in encrypted format. -For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md) and the Encrypted File Options in [ScanState Syntax](usmt-scanstate-syntax.md). +For more information, see [Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md) and [Encrypted file options](usmt-scanstate-syntax.md#encrypted-file-options). -### Migrating Locked Files with the Hard-Link Migration Store +### Migrating locked files with the hard-link migration store Files that are locked by an application or the operating system are handled differently when using a hard-link migration store. -Files that are locked by the operating system cannot remain in place and must be copied into the hard-link migration store. As a result, selecting many operating-system files for migration significantly reduces performance during a hard-link migration. As a best practice, we recommend that you do not migrate any files out of the \\Windows directory, which minimizes performance-related issues. +Files that are locked by the operating system can't remain in place and must be copied into the hard-link migration store. As a result, selecting many operating-system files for migration significantly reduces performance during a hard-link migration. As a best practice, we recommend that you don't migrate any files out of the `\Windows directory`, which minimizes performance-related issues. -Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service is not being utilized. The volume shadow-copy service cannot be used with hard-link migrations. However, by modifying the new `` section in the Config.xml file, it is possible to enable the migration of files locked by an application. +Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service isn't being utilized. The volume shadow-copy service can't be used with hard-link migrations. However, by modifying the new **<HardLinkStoreControl>** section in the `Config.xml` file, it's possible to enable the migration of files locked by an application. > [!IMPORTANT] -> There are some scenarios in which modifying the `` section in the Config.xml file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use USMTutils.exe to schedule the migration store for deletion on the next restart. +> There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the `Config.xml` file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use `USMTutils.exe` to schedule the migration store for deletion on the next restart. -## XML Elements in the Config.xml File +## XML elements in the Config.xml file -A new section in the Config.xml file allows optional configuration of some of the hard-link migration behavior introduced with the **/HardLink** option. +A new section in the `Config.xml` file allows optional configuration of some of the hard-link migration behavior introduced with the `/HardLink` option. | Element | Description | |--- |--- | -| `` | This element contains elements that describe the policies that USMT follows while creating a migration store. | -| `` | This element contains elements that describe how to handle files during the creation of a hard link migration store. | -| `` | This element contains elements that describe how to handle files that are locked for editing. | -| `` | This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

Syntax: `` [pattern] `` | -| `` | This element defines a standard MigXML pattern that describes file paths where hard links should not be created, if the file is locked for editing by another application.

`` [pattern] `` | +| **<Policies>** | This element contains elements that describe the policies that USMT follows while creating a migration store. | +| **<HardLinkStoreControl>** | This element contains elements that describe how to handle files during the creation of a hard link migration store. | +| **<fileLocked>** | This element contains elements that describe how to handle files that are locked for editing. | +| **<createHardLink>** | This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

Syntax: `` [pattern] `` | +| **<errorHardLink>** | This element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created, if the file is locked for editing by another application.

`` [pattern] `` | > [!IMPORTANT] -> You must use the **/nocompress** option with the **/HardLink** option. +> You must use the `/nocompress` option with the `/HardLink` option. -The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use``** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. +The following XML sample specifies that files locked by an application under the `\Users` directory can remain in place during the migration. It also specifies that locked files that aren't located in the `\Users` directory should result in the **File in Use** error. It's important to exercise caution when specifying the paths using the ``** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. ``` xml @@ -177,6 +175,6 @@ The following XML sample specifies that files locked by an application under the ``` -## Related topics +## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index 27b2ee785c..407d62a25c 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md @@ -11,123 +11,112 @@ ms.technology: itpro-deploy ms.date: 11/01/2022 --- -# How USMT Works +# How USMT works +USMT includes two tools that migrate settings and data: **ScanState** and **LoadState**. **ScanState** collects information from the source computer, and **LoadState** applies that information to the destination computer. -USMT includes two tools that migrate settings and data: ScanState and LoadState. ScanState collects information from the source computer, and LoadState applies that information to the destination computer. +- [How USMT works](#how-usmt-works) + - [The ScanState process](#the-scanstate-process) + - [The LoadState process](#the-loadstate-process) + - [Related articles](#related-articles) -- [ScanState Process](#the-scanstate-process) -- [LoadState Process](#the-loadstate-process) + > [!NOTE] + > For more information about how USMT processes the rules and the XML files, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - **Note**   - For more information about how USMT processes the rules and the XML files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). +## The ScanState process -## The ScanState Process +When you run the **ScanState** tool on the source computer, it goes through the following process: -When you run the ScanState tool on the source computer, it goes through the following process: +1. It parses and validates the command-line parameters, creates the `ScanState.log` file, and then begins logging. -1. It parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging. - -2. It collects information about all of the migration components that need to be migrated. A *migration component* is a logical group of files, registry keys, and values. For example, the set of files, registry keys, and values that store the settings of Adobe Acrobat is grouped into a single migration component. +2. It collects information about all of the migration components that need to be migrated. A *migration component* is a logical group of files, registry keys, and values. For example, the set of files, registry keys, and values that store the settings of Adobe Acrobat is grouped into a single migration component. There are three types of components: - - Components that migrate the operating system settings - - Components that migrate application settings - - Components that migrate users’ files + - Components that migrate the operating system settings + + - Components that migrate application settings - The ScanState tool collects information about the application settings and user data components from the .xml files that are specified on the command line. + - Components that migrate users' files - In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file. + The **ScanState** tool collects information about the application settings and user data components from the .xml files that are specified on the command line. -3. ScanState determines which user profiles should be migrated. By default, all user profiles on the source computer are migrated. However, you can include and exclude users using the User Options. The public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated, and you cannot exclude these profiles from the migration. + In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You can't modify these files. If you want to exclude certain operating-system settings, you must create and modify a `Config.xml` file. -4. In the "Scanning" phase, ScanState does the following for each user profile selected for migration: +3. **ScanState** determines which user profiles should be migrated. By default, all user profiles on the source computer are migrated. However, you can include and exclude users using the User Options. The public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated, and you can't exclude these profiles from the migration. - 1. For each component, ScanState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored. +4. In the **Scanning** phase, **ScanState** does the following for each user profile selected for migration: - **Note**   - From this point on, ScanState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. ScanState processes all components in the same way. + 1. For each component, **ScanState** checks the type of the component. If the current user profile is the system profile and the component type is **System** or **UserAndSystem**, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile isn't the system profile and the component type is **User** or **UserAndSystem**, the component is selected for this user. Otherwise, this component is ignored. - 2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents, assuming that the user profiles are stored in the C:\\Users directory. + > [!NOTE] + > From this point on, **ScanState** does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users' files. **ScanState** processes all components in the same way. - 3. For each selected component, ScanState evaluates the <detects> section. If the condition in the <detects> section evaluates to false, the component is not processed any further. Otherwise, the processing of this component continues. + 2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as **CSIDL_PERSONAL**) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to **User1**, then **CSIDL_PERSONAL** would expand to `C:\Users\User1\Documents`, assuming that the user profiles are stored in the `C:\Users` directory. - 4. For each selected component, ScanState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. + 3. For each selected component, **ScanState** evaluates the **<detects>** section. If the condition in the **<detects>** section evaluates to false, the component isn't processed any further. Otherwise, the processing of this component continues. - 5. ScanState creates a list of migration units that need to be migrated by processing the various subsections under this <rules> section. Each unit is collected if it is mentioned in an <include> subsection, as long as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence in the .xml files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + 4. For each selected component, **ScanState** evaluates the **<rules>** sections. For each **<rules>** section, if the current user profile is the system profile and the context of the **<rules>** section is **System** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile isn't the system profile and the context of the **<rules>** section is **User** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. - In addition, any migration unit (such as a file, registry key, or set of registry values) that is in an <UnconditionalExclude> section is not migrated. + 5. **ScanState** creates a list of migration units that need to be migrated by processing the various subsections under this **<rules>** section. Each unit is collected if it's mentioned in an **<include>** subsection, as long as there isn't a more specific rule for it in an **<exclude>** subsection in the same **<rules>** section. For more information about precedence in the .xml files, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - **Note**   - ScanState ignores some subsections such as <destinationCleanup> and <locationModify>. These sections are evaluated only on the destination computer. + In addition, any migration unit (such as a file, registry key, or set of registry values) that is in an <UnconditionalExclude> section isn't migrated. -5. In the "Collecting" phase, ScanState creates a master list of the migration units by combining the lists that were created for each selected user profile. + > [!NOTE] + > **ScanState** ignores some subsections such as <destinationCleanup> and <locationModify>. These sections are evaluated only on the destination computer. -6. In the "Saving" phase, ScanState writes the migration units that were collected to the store location. +5. In the **Collecting** phase, **ScanState** creates a master list of the migration units by combining the lists that were created for each selected user profile. - **Note**   - ScanState does not modify the source computer in any way. +6. In the **Saving** phase, **ScanState** writes the migration units that were collected to the store location. -## The LoadState Process + > [!NOTE] + > **ScanState** does not modify the source computer in any way. +## The LoadState process -The LoadState process is very similar to the ScanState process. The ScanState tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the LoadState tool collects migration units from the store and applies them to the destination computer. +The **LoadState** process is similar to the **ScanState** process. The **ScanState** tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the **LoadState** tool collects migration units from the store and applies them to the destination computer. -1. ScanState parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging. +1. **ScanState** parses and validates the command-line parameters, creates the `ScanState.log` file, and then begins logging. -2. LoadState collects information about the migration components that need to be migrated. +2. **LoadState** collects information about the migration components that need to be migrated. - LoadState obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the LoadState command. + **LoadState** obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the `LoadState.exe` command. - In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file. + In Windows 7, Windows 8, and Windows 10, the manifest files control how the operating-system settings are migrated. You can't modify these files. If you want to exclude certain operating-system settings, you must create and modify a `Config.xml` file. -3. LoadState determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the User Options. The system profile, the "All users" profile in a source computer running Windows XP, or the Public profile in a source computer running Windows Vista, Windows 7, and Windows 8, is always migrated and you cannot exclude these profiles from the migration. +3. **LoadState** determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the **User Options**. The system profile, the Public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated and you can't exclude these profiles from the migration. - - If you are migrating local user accounts and if the accounts do not already exist on the destination computer, you must use the/lac command-line option. If you do not specify the **/lac** option, any local user accounts that are not already present on the destination computer, are not migrated. + - If you're migrating local user accounts and if the accounts don't already exist on the destination computer, you must use the `/lac` command-line option. If you don't specify the `/lac` option, any local user accounts that aren't already present on the destination computer, aren't migrated. - - The **/md** and **/mu** options are processed to rename the user profile on the destination computer, if they have been included when the LoadState command was specified. + - The `/md` and `/mu` options are processed to rename the user profile on the destination computer, if they've been included when the `LoadState.exe` command was specified. - - For each user profile selected from the store, LoadState creates a corresponding user profile on the destination computer. The destination computer does not need to be connected to the domain for domain user profiles to be created. If USMT cannot determine a domain, it attempts to apply the settings to a local account. For more information, see [Identify Users](usmt-identify-users.md). + - For each user profile selected from the store, **LoadState** creates a corresponding user profile on the destination computer. The destination computer doesn't need to be connected to the domain for domain user profiles to be created. If USMT can't determine a domain, it attempts to apply the settings to a local account. For more information, see [Identify Users](usmt-identify-users.md). -4. In the "Scanning" phase, LoadState does the following for each user profile: +4. In the **Scanning** phase, **LoadState** does the following for each user profile: - 1. For each component, LoadState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored. + 1. For each component, **LoadState** checks the type of the component. If the current user profile is the system profile and the component type is **System** or **UserAndSystem**, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile isn't the system profile and the component type is **User** or **UserAndSystem**, the component is selected for this user. Otherwise, this component is ignored. - **Note** - From this point on, LoadState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. LoadState evaluates all components in the same way. + > [!NOTE] + > From this point on, **LoadState** does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users' files. **LoadState** evaluates all components in the same way. - + 2. Each component that is selected is processed further. Any profile-specific variables (such as **CSIDL_PERSONAL**) are evaluated in the context of the current profile. For example, if the profile being processed belongs to **User1**, then **CSIDL_PERSONAL** would expand to `C:\Users\User1\Documents` (assuming that the user profiles are stored in the `C:\Users` directory). - 2. Each component that is selected is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents (assuming that the user profiles are stored in the C:\\Users directory). + > [!NOTE] + > **LoadState** ignores the **<detects>** section specified in a component. At this point, all specified components are considered to be detected and are selected for migration. - **Note** - LoadState ignores the <detects> section specified in a component. At this point, all specified components are considered to be detected and are selected for migration. + 3. For each selected component, **LoadState** evaluates the **<rules>** sections. For each **<rules>** section, if the current user profile is the system profile and the context of the **<rules>** section is **System** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile isn't the system profile and the context of the **<rules>** section is **User** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. - + 4. **LoadState** creates a master list of migration units by processing the various subsections under the **<rules>** section. Each migration unit that is in an **<include>** subsection is migrated as long, as there isn't a more specific rule for it in an **<exclude>** subsection in the same **<rules>** section. For more information about precedence, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - 3. For each selected component, LoadState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. - - 4. LoadState creates a master list of migration units by processing the various subsections under the <rules> section. Each migration unit that is in an <include> subsection is migrated as long, as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). - - 5. LoadState evaluates the destination computer-specific subsections; for example, the <destinationCleanup> and <locationModify> subsections. - - 6. If the destination computer is running Windows 7 or Windows 8 then the migunits that were collected by ScanState using downlevel manifest files are processed by LoadState using the corresponding Component Manifest for Windows 7. The downlevel manifest files are not used during LoadState. - - **Important** - It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as <locationModify>, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran. - -5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a <merge> rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed. - -## Related topics - -[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) - - - - + 5. **LoadState** evaluates the destination computer-specific subsections; for example, the **<destinationCleanup>** and **<locationModify>** subsections. + 6. If the destination computer is running Windows 7, Windows 8, or Windows 10, then the migunits that were collected by **ScanState** using downlevel manifest files are processed by **LoadState** using the corresponding Component Manifest for Windows 7. The downlevel manifest files aren't used during **LoadState**. + > [!IMPORTANT] + > It is important to specify the .xml files with the `LoadState.exe` command if you want **LoadState** to use them. Otherwise, any destination-specific rules, such as **<locationModify>**, in these .xml files are ignored, even if the same .xml files were provided when the `ScanState.exe` command ran. +5. In the **Apply** phase, **LoadState** writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there isn't a **<merge>** rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, don't take effect until the next time the user logs on. For this reason, you should sign out when the `LoadState.exe` command actions have completed. +## Related articles +[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md) diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index 117159f522..2404de54db 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md @@ -1,6 +1,6 @@ --- -title: User State Migration Tool (USMT) How-to topics (Windows 10) -description: Reference the topics in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. +title: User State Migration Tool (USMT) How-to articles (Windows 10) +description: Reference the articles in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,23 +11,25 @@ ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) How-to topics -The following table lists topics that describe how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. +# User State Migration Tool (USMT) how-to articles -## In This Section +The following table lists articles that describe how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. -|Topic |Description| +## In this section + +|Article |Description| |------|-----------| -|[Exclude Files and Settings](usmt-exclude-files-and-settings.md)|Create a custom .xml file to exclude files, file types, folders, or registry settings from your migration.| -|[Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md)|Recover files from a compressed migration store after installing the operating system.| -|[Include Files and Settings](usmt-include-files-and-settings.md)|Create a custom .xml file to include files, file types, folders, or registry settings in your migration.| -|[Migrate Application Settings](migrate-application-settings.md)|Migrate the settings of an application that the MigApp.xml file does not include by default.| -|[Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md)|Migrate Encrypting File System (EFS) certificates by using USMT.| -|[Migrate User Accounts](usmt-migrate-user-accounts.md)|Specify the users to include and exclude in your migration.| -|[Reroute Files and Settings](usmt-reroute-files-and-settings.md)|Create a custom .xml file to reroute files and settings during a migration.| -|[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)|Determine whether a compressed migration store is intact, or whether it contains corrupt files or a corrupt catalog.| +|[Exclude files and settings](usmt-exclude-files-and-settings.md)|Create a custom .xml file to exclude files, file types, folders, or registry settings from your migration.| +|[Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md)|Recover files from a compressed migration store after installing the operating system.| +|[Include files and settings](usmt-include-files-and-settings.md)|Create a custom .xml file to include files, file types, folders, or registry settings in your migration.| +|[Migrate application settings](migrate-application-settings.md)|Migrate the settings of an application that the MigApp.xml file doesn't include by default.| +|[Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md)|Migrate Encrypting File System (EFS) certificates by using USMT.| +|[Migrate user accounts](usmt-migrate-user-accounts.md)|Specify the users to include and exclude in your migration.| +|[Reroute files and settings](usmt-reroute-files-and-settings.md)|Create a custom .xml file to reroute files and settings during a migration.| +|[Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md)|Determine whether a compressed migration store is intact, or whether it contains corrupt files or a corrupt catalog.| -## Related topics -- [User State Migration Tool (USMT) Overview Topics](usmt-topics.md) -- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) -- [User State Migration Toolkit (USMT) Reference](usmt-reference.md) +## Related articles + +- [User State Migration Tool (USMT) overview topics](usmt-topics.md) +- [User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) +- [User State Migration Toolkit (USMT) reference](usmt-reference.md) diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 7351df80a0..8f8267209c 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -29,7 +29,7 @@ The ScanState command is used with the User State Migration Tool (USMT) 10.0 to [User Options](#bkmk-useroptions) -[Encrypted File Options](#bkmk-efs) +[Encrypted file options](#encrypted-file-options) [Incompatible Command-Line Options](#bkmk-iclo) @@ -184,7 +184,7 @@ The /**uel** option takes precedence over the /**ue** option. If a user has logg |Include only the domain users from Contoso, except Contoso\User1.|This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following commands:
  • On the **ScanState** command line, type: `/ue:*\* /ui:contoso\*`
  • On the **LoadState** command line, type: `/ue:contoso\user1`
| |Include only local (non-domain) users.|`/ue:*\* /ui:%computername%\*`| -## Encrypted File Options +## Encrypted file options You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an /**efs** option. To migrate encrypted files, you must change the default behavior. From 8697bb7b4666bbdbf6cf7857d2ac574cc4826ade Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Wed, 2 Nov 2022 17:51:49 -0400 Subject: [PATCH 012/108] Metadata update deployment/usmt 10 --- .../usmt-identify-application-settings.md | 46 ++++++--------- ...t-identify-file-types-files-and-folders.md | 38 +++++-------- ...usmt-identify-operating-system-settings.md | 37 ++++-------- .../deployment/usmt/usmt-identify-users.md | 57 ++++++++++--------- 4 files changed, 73 insertions(+), 105 deletions(-) diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md index e3c81ca9bd..c41eb9b57a 100644 --- a/windows/deployment/usmt/usmt-identify-application-settings.md +++ b/windows/deployment/usmt/usmt-identify-application-settings.md @@ -1,6 +1,6 @@ --- title: Identify Applications Settings (Windows 10) -description: Identify which applications and settings you want to migrate before using the User State Migration Tool (USMT). +description: Identify which applications and settings you want to migrate before using the User State Migration Tool (USMT). ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,50 +11,36 @@ ms.topic: article ms.technology: itpro-deploy --- -# Identify Applications Settings +# Identify applications settings - -When planning for your migration, you should identify which applications and settings you want to migrate. For more information about how to create a custom .xml file to migrate the settings of another application, see [Customize USMT XML Files](usmt-customize-xml-files.md). +When planning for your migration, you should identify which applications and settings you want to migrate. For more information about how to create a custom .xml file to migrate the settings of another application, see [Customize USMT XML files](usmt-customize-xml-files.md). ## Applications +First, create and prioritize a list of applications that need to be migrated. It may be helpful to review the application lists and decide which applications will be redeployed and which applications will be retired. Often, what applications are migrated are prioritized based on a combination of how widely the application is used and how complex the application is. -First, create and prioritize a list of applications that to be migrated. It may be helpful to review the application lists and decide which applications will be redeployed and which applications will be retired. Often, the applications are prioritized based on a combination of how widely the application is used and how complex the application is. +Next, identify an application owner to be in charge of each application. Application ownership identification is necessary because the developers won't be experts on all of the applications in the organization. The application owner should have the most experience with an application. The application owner provides insight into how the organization installs, configures, and uses the application. -Next, identify an application owner to be in charge of each application. This is necessary because the developers will not be experts on all of the applications in the organization. The application owner should have the most experience with an application. The application owner provides insight into how the organization installs, configures, and uses the application. +## Application settings -## Application Settings +Next, determine and locate the application settings to be migrated. You can acquire much of the information that you need for this step when you're testing the new applications for compatibility with the new operating system. +After completing the list of applications to be migrated, review the list, and work with each application owner on a list of settings to be migrated. For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located; for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully: -Next, determine and locate the application settings to be migrated. You can acquire much of the information that you need for this step when you are testing the new applications for compatibility with the new operating system. +- Is the destination version of the application newer than the source version? -After completing the list of applications to be migrated, review the list and work with each application owner on a list of settings to be migrated. For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located; for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully: +- Do these settings work with the new version? -- Is the destination version of the application newer than the source version? +- Do the settings need to be moved or altered? -- Do these settings work with the new version? - -- Do the settings need to be moved or altered? - -- Can the first-run process force the application to appear as if it had run already? If so, does this work correctly, or does it break the application? +- Can the first-run process force the application to appear as if it had run already? If so, does this work correctly, or does it break the application? After answering these questions, create a custom .xml file to migrate settings. Work with the application owner to develop test cases and to determine the file types that need to be migrated for the application. -## Locating Where Settings Are Stored - - -See [Migrate Application Settings](migrate-application-settings.md) and follow the directions. - -## Related topics - - -[Determine What to Migrate](usmt-determine-what-to-migrate.md) - -  - -  - - +## Locating where settings are stored +See [Migrate application settings](migrate-application-settings.md) and follow the directions. +## Related articles +[Determine what to migrate](usmt-determine-what-to-migrate.md) diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md index 155b67b822..01625d4d37 100644 --- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md +++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md @@ -11,39 +11,31 @@ ms.topic: article ms.technology: itpro-deploy --- -# Identify File Types, Files, and Folders +# Identify file types, files, and folders +When planning for your migration, if not using MigDocs.xml, you should identify the file types, files, folders, and settings that you want to migrate. First, you should determine the standard file locations on each computer, such as **My Documents** , `C:\Data` , and company-specified locations, such as `\\EngineeringDrafts`. Next, you should determine and locate the non-standard locations. For non-standard locations, consider the following items: -When planning for your migration, if not using MigDocs.xml, you should identify the file types, files, folders, and settings that you want to migrate. First, you should determine the standard file locations on each computer, such as **My Documents.** , **C:\\Data** , and company-specified locations, such as **\\EngineeringDrafts**. Next, you should determine and locate the non-standard locations. For non-standard locations, consider the following: +- **File types**. Consider which file types need to be included and excluded from the migration. You can create this list based on common applications used in your organization. Applications normally use specific file name extensions. For example, Microsoft Office Word primarily uses `.doc`, `.docx` and `.dotx` file name extension. However, it also uses other file types, such as templates (`.dot` files), on a less frequent basis. -- **File types**. Consider which file types need to be included and excluded from the migration. You can create this list based on common applications used in your organization. Applications normally use specific file name extensions. For example, Microsoft Office Word primarily uses .doc, .docx and .dotx file name extension. However, it also uses other file types, such as templates (.dot files), on a less frequent basis. +- **Excluded locations**. Consider the locations on the computer that should be excluded from the migration (for example, `%WINDIR%` and **Program Files**). -- **Excluded locations**. Consider the locations on the computer that should be excluded from the migration (for example, %WINDIR% and Program Files). +- **New locations**. Decide where files should be migrated to on the destination computer, such as **My Documents**, a designated folder, or a folder matching the files' name and location on the source computer. For example, you might have shared data on source machine or you might wish to clean up documents outside the user profiles on the source system. Identify any data that needs to be redirected to a new location in the apply phase. Redirection can be accomplished with location modify rules. -- **New locations**. Decide where files should be migrated to on the destination computer for example, \\My Documents, a designated folder, or a folder matching the files' name and location on the source computer. For example, you might have shared data on source machine or you might wish to clean up documents outside the user profiles on the source system. Identify any data that needs to be redirected to a new location in the apply phase. This can be accomplished with location modify rules. +Once you've verified which files and file types that the end users work with regularly, you'll need to locate them. Files may be saved to a single folder or scattered across a drive. A good starting point for finding files types to include is to look at the registered file types on the computer. -Once you have verified which files and file types that the end users work with regularly, you will need to locate them. Files may be saved to a single folder or scattered across a drive. A good starting point for finding files types to include is to look at the registered file types on the computer. +To find the registered file types on a computer running Windows 7, Windows 8, Windows 10, or Windows 11: -**To find the registered file types on a computer running Windows 7 or Windows 8** +1. Open **Control Panel** +2. Make sure **View by:** is set to **Category** and then select **Programs**. -1. Click **Start**. Open **Control Panel**, click **Control Panel Home**, and click **Programs**. - -2. Click **Default Programs**, and click **Associate a file type or protocol with a program**. - -3. On this screen, the registered file types are displayed. - -For more information about how to change the file types, files, and folders that are migrated when you specify the MigUser.xml file, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). - -## Related topics - - -[Determine What to Migrate](usmt-determine-what-to-migrate.md) - -  - -  +3. Select **Default Programs** +4. select **Associate a file type or protocol with a program**. +5. On this screen, the registered file types are displayed. +For more information about how to change the file types, files, and folders that are migrated when you specify the MigUser.xml file, see [User State Migration Tool (USMT) how-to topics](usmt-how-to.md). +## Related articles +[Determine what to migrate](usmt-determine-what-to-migrate.md) diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index c41480ca72..9b3d93da8e 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md @@ -11,48 +11,35 @@ ms.topic: article ms.technology: itpro-deploy --- -# Identify Operating System Settings +# Identify operating system settings +When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following parameters: -When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following parameters: - -- **Appearance.** +- **Appearance** The appearance factor includes items such as wallpaper, colors, sounds, and the location of the taskbar. -- **Action.** +- **Action** The action factor includes items such as the key-repeat rate, whether double-clicking a folder opens it in a new window or the same window, and whether you need to single-click or double-click an item to open it. -- **Internet.** +- **Internet** The Internet factor includes the settings that let you connect to the Internet and control how your browser operates. The settings include items such as your home page URL, favorites, bookmarks, cookies, security settings, dial-up connections, and proxy settings. -- **Mail.** +- **Mail** The mail factor includes the information that you need to connect to your mail server, your signature file, views, mail rules, local mail, and contacts. -To help you decide which settings to migrate, you should consider any previous migration experiences and the results of any surveys and tests that you have conducted. You should also consider the number of help-desk calls related to operating-system settings that you have had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of. +To help you decide which settings to migrate, you should consider any previous migration experiences and the results of any surveys and tests that you've conducted. You should also consider the number of help-desk calls related to operating-system settings that you've had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of. -You should migrate any settings that users need to get their jobs done, those settings that make the work environment comfortable, and those settings that will reduce help-desk calls after the migration. Although it is easy to dismiss migrating user preferences, you should consider the factor of users spending a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users do not remember how these settings were applied. Although these items are not critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process. +You should migrate any settings that users need to get their jobs done, those settings that make the work environment comfortable, and those settings that will reduce help-desk calls after the migration. Although it's easy to dismiss migrating user preferences, you should consider the factor of users spending a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users don't remember how these settings were applied. Although these items aren't critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process. -**Note**   -For more information about how to change the operating-system settings that are migrated, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). +> [!NOTE] +> For more information about how to change the operating-system settings that are migrated, see [User State Migration Tool (USMT) how-to topics](usmt-how-to.md). -For information about the operating-system settings that USMT migrates, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) - - - -## Related topics +For information about the operating-system settings that USMT migrates, see [What does USMT migrate?](usmt-what-does-usmt-migrate.md) +## Related articles [Determine What to Migrate](usmt-determine-what-to-migrate.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index c25468f2ed..772cef9f85 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md @@ -1,6 +1,6 @@ --- title: Identify Users (Windows 10) -description: Learn how to identify users you plan to migrate, as well as how to migrate local accounts and domain accounts. +description: Learn how to identify users you plan to migrate, and how to migrate local accounts and domain accounts. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -12,53 +12,56 @@ ms.technology: itpro-deploy ms.date: 11/01/2022 --- -# Identify Users +# Identify users -It is important to carefully consider how you plan to migrate users. By default, all users are migrated by User State Migration Tool (USMT) 5.0. You must specify which users to include by using the command line. You cannot specify users in the .xml files. For instructions on how to migrate users, see [Migrate User Accounts](usmt-migrate-user-accounts.md). +It's important to carefully consider how you plan to migrate users. By default, all users are migrated by User State Migration Tool (USMT) 5.0. You must specify which users to include by using the command line. You can't specify users in the .xml files. For instructions on how to migrate users, see [Migrate user accounts](usmt-migrate-user-accounts.md). ## In this topic -- [Migrating Local Accounts](#bkmk-8) -- [Migrating Domain Accounts](#bkmk-9) -- [Command-Line Options](#bkmk-7) +- [Identify users](#identify-users) + - [In this topic](#in-this-topic) + - [Migrating local accounts](#migrating-local-accounts) + - [Migrating domain accounts](#migrating-domain-accounts) + - [Command-line options](#command-line-options) + - [Related articles](#related-articles) -## Migrating Local Accounts +## Migrating local accounts -Before migrating local accounts, note the following: +Before migrating local accounts, be aware of the following items: -- [You must explicitly specify that local accounts that are not on the destination computer should be migrated.](#bkmk-8) If you are migrating local accounts and the local account does not exist on the destination computer, you must use the **/lac** option when using the LoadState command. If the **/lac** option is not specified, no local user accounts will be migrated. +- **You must explicitly specify that local accounts that are not on the destination computer should be migrated**. If you're migrating local accounts and the local account doesn't exist on the destination computer, you must use the `/lac` option when using the `LoadState.exe` command. If the `/lac` option isn't specified, no local user accounts will be migrated. -- [Consider whether to enable user accounts that are new to the destination computer.](#bkmk-8) The **/lae** option enables the account that was created with the **/lac** option. However, if you create a disabled local account by using only the **/lac** option, a local administrator must enable the account on the destination computer. +- **Consider whether to enable user accounts that are new to the destination computer.** The `/lae` option enables the account that was created with the `/lac` option. However, if you create a disabled local account by using only the `/lac` option, a local administrator must enable the account on the destination computer. -- [Be careful when specifying a password for local accounts.](#bkmk-8) If you create the local account with a blank password, anyone could log on to that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools. +- **Be careful when specifying a password for local accounts.** If you create the local account with a blank password, anyone could sign in that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools. ->[!NOTE] ->If there are multiple users on a computer, and you specify a password with the **/lac** option, all migrated users will have the same password. +> [!NOTE] +> If there are multiple users on a computer, and you specify a password with the `/lac` option, all migrated users will have the same password. -## Migrating Domain Accounts +## Migrating domain accounts -The source and destination computers do not need to be connected to the domain for domain user profiles to be migrated. +The source and destination computers don't need to be connected to the domain for domain user profiles to be migrated. -## Command-Line Options +## Command-line options USMT provides several options to migrate multiple users on a single computer. The following command-line options specify which users to migrate. -- [Specifying users.](#bkmk-8) You can specify which users to migrate with the **/all**, **/ui**, **/uel**, and **/ue** options with both the ScanState and LoadState command-line tools. +- **Specifying users.** You can specify which users to migrate with the `/all`, `/ui`, `/uel`, and `/ue` options with both the **ScanState** and **LoadState** command-line tools. - >[!IMPORTANT] - >The **/uel** option excludes users based on the **LastModified** date of the Ntuser.dat file. The **/uel** option is not valid in offline migrations. + > [!IMPORTANT] + > The `/uel` option excludes users based on the **LastModified** date of the `Ntuser.dat` file. The `/uel` option is not valid in offline migrations. -- [Moving users to another domain.](#bkmk-8) You can move user accounts to another domain using the **/md** option with the LoadState command-line tool. +- **Moving users to another domain.** You can move user accounts to another domain using the `/md` option with the **LoadState** command-line tool. -- [Creating local accounts.](#bkmk-8) You can create and enable local accounts using the **/lac** and **/lae** options with the LoadState command-line tool. +- **Creating local accounts.** You can create and enable local accounts using the `/lac` and `/lae` options with the **LoadState** command-line tool. -- [Renaming user accounts.](#bkmk-8) You can rename user accounts using the **/mu** option. +- **Renaming user accounts.** You can rename user accounts using the `/mu` option. - >[!NOTE] + > [!NOTE] >By default, if a user name is not specified in any of the command-line options, the user will be migrated. -## Related topics +## Related articles -[Determine What to Migrate](usmt-determine-what-to-migrate.md)
-[ScanState Syntax](usmt-scanstate-syntax.md)
-[LoadState Syntax](usmt-loadstate-syntax.md) +- [Determine what to migrate](usmt-determine-what-to-migrate.md) +- [ScanState syntax](usmt-scanstate-syntax.md) +- [LoadState syntax](usmt-loadstate-syntax.md) From 6d2062d9a71b5ddbd2f6efad355b7d59c386facd Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Thu, 3 Nov 2022 17:26:08 -0400 Subject: [PATCH 013/108] Metadata update deployment/usmt 11 --- ...rted-with-the-user-state-migration-tool.md | 8 - .../usmt/migrate-application-settings.md | 14 -- .../usmt/migration-store-types-overview.md | 8 - .../usmt/offline-migration-reference.md | 14 -- .../usmt/understanding-migration-xml-files.md | 26 -- .../usmt/usmt-command-line-syntax.md | 2 +- windows/deployment/usmt/usmt-common-issues.md | 64 ++--- .../usmt/usmt-common-migration-scenarios.md | 20 -- .../deployment/usmt/usmt-configxml-file.md | 88 ++----- .../usmt/usmt-conflicts-and-precedence.md | 26 -- .../usmt/usmt-custom-xml-examples.md | 8 +- .../usmt/usmt-customize-xml-files.md | 14 -- .../usmt-estimate-migration-store-size.md | 8 - ...files-from-a-compressed-migration-store.md | 14 +- .../usmt/usmt-general-conventions.md | 6 - .../usmt/usmt-hard-link-migration-store.md | 22 -- .../deployment/usmt/usmt-identify-users.md | 9 - .../usmt/usmt-include-files-and-settings.md | 93 +++---- .../deployment/usmt/usmt-loadstate-syntax.md | 112 +++++---- windows/deployment/usmt/usmt-log-files.md | 233 +++++++++--------- ...usmt-migrate-efs-files-and-certificates.md | 44 ++-- .../usmt/usmt-migrate-user-accounts.md | 81 +++--- .../usmt/usmt-migration-store-encryption.md | 22 +- windows/deployment/usmt/usmt-overview.md | 36 +-- .../usmt/usmt-plan-your-migration.md | 22 +- .../usmt-recognized-environment-variables.md | 175 +++++++------ windows/deployment/usmt/usmt-reference.md | 26 +- windows/deployment/usmt/usmt-requirements.md | 93 ++++--- .../deployment/usmt/usmt-scanstate-syntax.md | 4 +- .../usmt/usmt-xml-elements-library.md | 4 +- 30 files changed, 484 insertions(+), 812 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 801dd76b13..6877961d15 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -15,14 +15,6 @@ ms.date: 11/01/2022 This article outlines the general process that you should follow to migrate files and settings. -## In this topic - -- [Step 1: Plan your migration](#step-1-plan-your-migration) - -- [Step 2: Collect files and settings from the source computer](#step-2-collect-files-and-settings-from-the-source-computer) - -- [Step 3: Prepare the destination computer and restore files and settings](#step-3-prepare-the-destination-computer-and-restore-files-and-settings) - ## Step 1: Plan your migration 1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 27feed854b..02d47cae69 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -19,20 +19,6 @@ This article defines how to author a custom migration .xml file that migrates th This article doesn't contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also doesn't contain information about how to migrate the data that users create using the application. For example, if the application creates .doc files using a specific template, this article doesn't discuss how to migrate the .doc files and templates themselves. -## In this topic - -- [Before you begin](#before-you-begin) - -- [Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer](#step-1-verify-that-the-application-is-installed-on-the-source-computer-and-that-its-the-same-version-as-the-version-to-be-installed-on-the-destination-computer). - -- [Step 2: Identify settings to collect and determine where each setting is stored on the computer](#step-2-identify-settings-to-collect-and-determine-where-each-setting-is-stored-on-the-computer). - -- [Step 3: Identify how to apply the gathered settings](#step-3-identify-how-to-apply-the-gathered-settings). - -- [Step 4: Create the migration XML component for the application](#step-4-create-the-migration-xml-component-for-the-application). - -- [Step 5: Test the application settings migration](#step-5-test-the-application-settings-migration). - ## Before you begin You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index cd170fadb4..d2cc3a4ec4 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -15,14 +15,6 @@ ms.technology: itpro-deploy When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you're using a local share, network share, or storage device. -## In this topic - -[Migration store types](#migration-store-types) - -[Local store vs. remote store](#local-store-vs-remote-store) - -[The /localonly command-line option](#the-localonly-command-line-option) - ## Migration store types This section describes the three migration store types available in USMT. diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 4a60f02043..b7ab0afb24 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -27,20 +27,6 @@ When you use User State Migration Tool (USMT) 10.0 to gather and restore user st - **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. -## In this topic - -- [What will migrate offline?](#what-will-migrate-offline) - -- [What offline environments are supported?](#what-offline-environments-are-supported) - -- [User-group membership and profile control](#user-group-membership-and-profile-control) - -- [Command-line options](#command-line-options) - -- [Environment variables](#environment-variables) - -- [Offline.xml elements](#offlinexml-elements) - ## What will migrate offline? The following user data and settings migrate offline, similar to an online migration: diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 25cebd9242..62d1b5eda8 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -17,32 +17,6 @@ You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 mig This article provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the `MigDocs.xml` file. The `MigDocs.xml` file uses the new `GenerateDocPatterns` function available in USMT to automatically find user documents on a source computer. -## In this topic - -[Overview of the Config.xml file](#overview-of-the-configxml-file) - -[Overview of the MigApp.xml file](#overview-of-the-migappxml-file) - -[Overview of the MigDocs.xml file](#overview-of-the-migdocsxml-file) - -[Overview of the MigUser.xml file](#overview-of-the-miguserxml-file) - -[Using multiple XML files](#using-multiple-xml-files) - -[XML rules for migrating user files](#xml-rules-for-migrating-user-files) - -[The GenerateDocPatterns function](#the-generatedocpatterns-function) - -[Understanding the system and user context](#understanding-the-system-and-user-context) - -[Sample migration rules for customized versions of XML files](#sample-migration-rules-for-customized-versions-of-xml-files) - -[Exclude rules usage examples](#exclude-rules-usage-examples) - -[Include rules usage examples](#include-rules-usage-examples) - -[Next Steps](#next-steps) - ## Overview of the Config.xml file The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The `Config.xml` file can be used with other XML files, such as in the following example: diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 74c1c3c801..d7332ed880 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -15,7 +15,7 @@ ms.technology: itpro-deploy The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. -## In This Section +## In this Section | Link | Description | |--- |--- | diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 48dcbd4b35..31de16f3e7 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -11,36 +11,20 @@ ms.topic: article ms.technology: itpro-deploy --- -# Common Issues +# Common issues The following sections discuss common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. USMT produces log files that describe in further detail any errors that occurred during the migration process. These logs can be used to troubleshoot migration failures. -## In this topic - -[User account problems](#user-account-problems) - -[Command-line problems](#command-line-problems) - -[XML file problems](#xml-file-problems) - -[Migration problems](#migration-problems) - -[Offline migration problems](#offline-migration-problems) - -[Hard link migration problems](#hard-link-migration-problems) - -[USMT doesn't migrate the Start layout](#usmt-doesnt-migrate-the-start-layout) - -## General Guidelines for Identifying Migration Problems +## General guidelines for identifying migration problems When you encounter a problem or error message during migration, you can use the following general guidelines to help determine the source of the problem: -- Examine the ScanState, LoadState, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). For more information about Windows API error messages, type **nethelpmsg** on the command line. +- Examine the **ScanState**, **LoadState**, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return codes](usmt-return-codes.md). For more information about Windows API error messages, type **nethelpmsg** on the command line. - In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. + In most cases, the **ScanState** and **LoadState** logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. > [!NOTE] - > Running the ScanState and LoadState tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. + > Running the **ScanState** and **LoadState** tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. - Use the `/Verify` option with the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md). @@ -50,9 +34,9 @@ When you encounter a problem or error message during migration, you can use the - For the source and destination computers, obtain operating system information, and versions of applications such as Internet Explorer and any other relevant programs. Then verify the exact steps that are needed to reproduce the problem. This information might help you to understand what is wrong and to reproduce the issue in your testing environment. -- Sign out after you run the LoadState tool. Some settings such as fonts, desktop backgrounds, and screen-saver settings won't take effect until the next time the end user logs on. +- Sign out after you run the **LoadState** tool. Some settings such as fonts, desktop backgrounds, and screen-saver settings won't take effect until the next time the end user logs on. -- Close all applications before running ScanState or LoadState tools. If some applications are running during the ScanState or LoadState process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. +- Close all applications before running **ScanState** or **LoadState** tools. If some applications are running during the **ScanState** or **LoadState** process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. > [!NOTE] > USMT will fail if it can't migrate a file or setting unless you specify the `/c` option. When you specify the `/c` option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that didn't migrate. @@ -69,7 +53,7 @@ The following sections describe common user account problems. Expand the section **Causes/Resolutions** There are two possible causes for this problem: -When running the ScanState and LoadState tools on Windows 7, Windows 8, or Windows 10, you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. To run in Administrator mode: +When running the **ScanState** and LoadState tools on Windows 7, Windows 8, or Windows 10, you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. To run in Administrator mode: 1. Select **Start** > **All Programs** > **Accessories**. @@ -97,7 +81,7 @@ Any user accounts on the computer that haven't been used won't be migrated. For ### The LoadState tool reports an error as return code 71 and fails to restore a user profile during a migration test -**Cause:** During a migration test, if you run the ScanState tool on your test computer and then delete user profiles in order to test the LoadState tool on the same computer, you may have a conflicting key present in the registry. Using the **net use** command to remove a user profile will delete folders and files associated with that profile, but won't remove the registry key. +**Cause:** During a migration test, if you run the **ScanState** tool on your test computer and then delete user profiles in order to test the **LoadState** tool on the same computer, you may have a conflicting key present in the registry. Using the **net use** command to remove a user profile will delete folders and files associated with that profile, but won't remove the registry key. **Resolution:** To delete a user profile, use the **User Accounts** item in Control Panel. To correct an incomplete deletion of a user profile: @@ -111,17 +95,17 @@ Any user accounts on the computer that haven't been used won't be migrated. For ### Files that weren't encrypted before the migration are now encrypted with the account used to run the LoadState tool -**Cause:** The ScanState tool was run using the `/EFS:copyraw` option to migrate encrypted files and Encrypting File System (EFS) certificates. The encryption attribute was set on a folder that was migrated, but the attribute was removed from file contents of that folder prior to migration. +**Cause:** The **ScanState** tool was run using the `/EFS:copyraw` option to migrate encrypted files and Encrypting File System (EFS) certificates. The encryption attribute was set on a folder that was migrated, but the attribute was removed from file contents of that folder prior to migration. -**Resolution:** Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you can run the Cipher tool at the command prompt to review and change encryption settings on files and folders. You must remove the encryption attribute from folders that contain unencrypted files or encrypt the contents of all files within an encrypted folder. +**Resolution:** Before using the **ScanState** tool for a migration that includes encrypted files and EFS certificates, you can run the Cipher tool at the command prompt to review and change encryption settings on files and folders. You must remove the encryption attribute from folders that contain unencrypted files or encrypt the contents of all files within an encrypted folder. -To remove encryption from files that have already been migrated incorrectly, you must sign into the computer with the account that you used to run the LoadState tool and then remove the encryption from the affected files. +To remove encryption from files that have already been migrated incorrectly, you must sign into the computer with the account that you used to run the **LoadState** tool and then remove the encryption from the affected files. ### The LoadState tool reports an error as return code 71 and a Windows Error 2202 in the log file **Cause:** The computer name was changed during an offline migration of a local user profile. -**Resolution:** You can use the `/mu` option when you run the LoadState tool to specify a new name for the user. For example, +**Resolution:** You can use the `/mu` option when you run the **LoadState** tool to specify a new name for the user. For example, ``` syntax loadstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore @@ -134,13 +118,13 @@ The following sections describe common command-line problems. Expand the section ### I received the following error message: "Usage Error: You can't specify a file path with any of the command-line options that exceeds 256 characters." -**Cause:** You might receive this error message in some cases even if you don't specify a long store or file path, because the path length is calculated based on the absolute path. For example, if you run the `scanstate.exe /o store` command from `C:\Program Files\USMT40`, then each character in "`C:\Program Files\USMT40`" will be added to the length of "store" to get the length of the path. +**Cause:** You might receive this error message in some cases even if you don't specify a long store or file path, because the path length is calculated based on the absolute path. For example, if you run the ` **ScanState**.exe /o store` command from `C:\Program Files\USMT40`, then each character in "`C:\Program Files\USMT40`" will be added to the length of "store" to get the length of the path. **Resolution:** Ensure that the total path length doesn't exceed 256 characters. The total path length includes the store path plus the current directory. ### I received the following error message: "USMT was unable to create the log file(s). Ensure that you have write access to the log directory." -**Cause:** If you're running the ScanState or LoadState tools from a shared network resource, you'll receive this error message if you don't specify `/l`. +**Cause:** If you're running the **ScanState** or **LoadState** tools from a shared network resource, you'll receive this error message if you don't specify `/l`. **Resolution:** To fix this issue in this scenario, specify the `/l:scan.log` or `/l:load.log` option. @@ -164,7 +148,7 @@ The following sections describe common XML file problems. Expand the section to **Cause:** Typically, this issue is caused by incorrect syntax used in a helper function. You receive a Success return code, but the files you wanted to migrate didn't get collected or applied, or weren't collected or applied in the way you expected. -**Resolution:** You should search the ScanState or LoadState log for either the component name that contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. +**Resolution:** You should search the **ScanState** or **LoadState** log for either the component name that contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. ## Migration problems @@ -196,7 +180,7 @@ The following sections describe common migration problems. Expand the section to There are three typical causes for this issue. -**Cause**: Some settings such as fonts, desktop backgrounds, and screen-saver settings aren't applied by LoadState until after the destination computer has been restarted. +**Cause**: Some settings such as fonts, desktop backgrounds, and screen-saver settings aren't applied by **LoadState** until after the destination computer has been restarted. **Resolution:** To fix this issue, sign out, and then log back on to see the migrated desktop background. @@ -205,9 +189,9 @@ There are three typical causes for this issue. **Resolution:** Ensure that the desktop background images that you want to migrate aren't in the \\WINDOWS\\Web\\Wallpaper folder on the source computer. -**Cause \#3:** If ScanState wasn't run on Windows XP from an account with administrative credentials, some operating system settings won't migrate. For example, desktop background settings, screen-saver selections, modem options, media-player settings, and Remote Access Service (RAS) connection phone book (.pbk) files and settings won't migrate. +**Cause \#3:** If **ScanState** wasn't run on Windows XP from an account with administrative credentials, some operating system settings won't migrate. For example, desktop background settings, screen-saver selections, modem options, media-player settings, and Remote Access Service (RAS) connection phone book (.pbk) files and settings won't migrate. -**Resolution:** Run the ScanState and LoadState tools from within an account with administrative credentials. +**Resolution:** Run the **ScanState** and **LoadState** tools from within an account with administrative credentials. ---> ### I included MigApp.xml in the migration, but some PST files aren't migrating @@ -252,15 +236,15 @@ The following sections describe common offline migration problems. Expand the se ### The ScanState tool fails with return code 26 -**Cause:** A common cause of return code 26 is that a temp profile is active on the source computer. This profile maps to c:\\users\\temp. The ScanState log shows a MigStartupOfflineCaught exception that includes the message "User profile duplicate SID error". +**Cause:** A common cause of return code 26 is that a temp profile is active on the source computer. This profile maps to c:\\users\\temp. The **ScanState** log shows a **MigStartupOfflineCaught** exception that includes the message **User profile duplicate SID error**. -**Resolution:** You can reboot the computer to get rid of the temp profile or you can set MIG\_FAIL\_ON\_PROFILE\_ERROR=0 to skip the error and exclude the temp profile. +**Resolution:** You can reboot the computer to get rid of the temp profile or you can set **MIG_FAIL_ON_PROFILE_ERROR=0** to skip the error and exclude the temp profile. ### Include and Exclude rules for migrating user profiles don't work the same offline as they do online **Cause:** When offline, the DNS server can't be queried to resolve the user name and SID mapping. -**Resolution:** Use a Security Identifier (SID) to include a user when running the ScanState tool. For example: +**Resolution:** Use a Security Identifier (SID) to include a user when running the **ScanState** tool. For example: ``` syntax Scanstate.exe /ui:S1-5-21-124525095-708259637-1543119021* @@ -272,9 +256,9 @@ You can also use patterns for SIDs that identify generic users or groups. For ex ### My script to wipe the disk fails after running the ScanState tool on a 64-bit system -**Cause:** The HKLM registry hive isn't unloaded after the ScanState tool has finished running. +**Cause:** The HKLM registry hive isn't unloaded after the **ScanState** tool has finished running. -**Resolution:** Reboot the computer or unload the registry hive at the command prompt after the ScanState tool has finished running. For example, at a command prompt, type: +**Resolution:** Reboot the computer or unload the registry hive at the command prompt after the **ScanState** tool has finished running. For example, at a command prompt, type: ``` syntax reg.exe unload hklm\$dest$software diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index 5d5b8343a8..f9aedeef22 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -17,26 +17,6 @@ You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating One common scenario is when the operating system is upgraded on existing hardware without the hardware being replaced. This scenario is referred to as *PC-refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. -**In this article:** - -[PC-refresh](#pc-refresh) - -[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#scenario-one-pc-refresh-offline-using-windows-pe-and-a-hard-link-migration-store) - -[Scenario Two: PC-refresh using a compressed migration store](#scenario-two-pc-refresh-using-a-compressed-migration-store) - -[Scenario Three: PC-refresh using a hard-link migration store](#scenario-three-pc-refresh-using-a-hard-link-migration-store) - -[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#scenario-four-pc-refresh-using-windowsold-folder-and-a-hard-link-migration-store) - -[PC-replacement](#pc-replacement) - -[Scenario One: Offline migration using Windows PE and an external migration store](#scenario-one-offline-migration-using-windows-pe-and-an-external-migration-store) - -[Scenario Two: Manual network migration](#scenario-two-manual-network-migration) - -[Scenario Three: Managed network migration](#scenario-three-managed-network-migration) - ## PC-refresh The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer. diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 8c2219cf8e..4d4f72d27c 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -24,73 +24,17 @@ For more information about using the `Config.xml` file with other migration file > [!NOTE] > To exclude a component from the `Config.xml` file, set the **migrate** value to **no**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. -## In this topic +## Migration Policies In USMT there are new migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the `Config.xml` file only. -[<Policies>](#policies) - -[<ErrorControl>](#errorcontrol) - - - -[<fatal>](#fatal) - -[<fileError>](#fileerror) - -[<nonfatal>](#nonfatal) - -[<registryError>](#registryerror) - -[<HardLinkStoreControl>](#hardlinkstorecontrol) - -[<fileLocked>](#filelocked) - -[<createHardLink>](#createhardlink) - -[<errorHardLink>](#errorhardlink) - -[<ProfileControl>](#profilecontrol) - -[<localGroups>](#localgroups) - -[<mappings>](#mappings) - -[<changeGroup>](#changegroup) - -[<include>](#include) - -[<exclude>](#exclude) - -[Sample Config.xml File](#sample-configxml-file) - -## <Policies> +### <Policies> The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. Syntax: `` `` -## <ErrorControl> +### <ErrorControl> The **<ErrorControl>** element is an optional element you can configure in the `Config.xml` file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. @@ -139,7 +83,7 @@ Syntax: `` *<pattern>* `` You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. -## <fileError> +### <fileError> The **<fileError>** element isn't required. @@ -153,7 +97,7 @@ Syntax: `` `` You use the **<fileError>** element to represent the behavior associated with file errors. -## <nonFatal> +### <nonFatal> The **<nonFatal>** element isn't required. @@ -171,7 +115,7 @@ Syntax: `` *<pattern>* `` You use the **<nonFatal>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. -## <registryError> +### <registryError> The **<registryError>** element isn't required. @@ -189,7 +133,7 @@ Syntax: `` `` You use the **<registryError>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. -## <HardLinkStoreControl> +### <HardLinkStoreControl> The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. @@ -222,43 +166,43 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links ``` -## <fileLocked> +### <fileLocked> The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. Syntax: `` `` -## <createHardLink> +### <createHardLink> The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. Syntax: `` *<pattern>* `` -## <errorHardLink> +### <errorHardLink> The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that isn't possible, **Error\_Locked** is thrown. This error is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. Syntax: `` *<pattern>* `` -## <ProfileControl> +### <ProfileControl> This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. Syntax: <`ProfileControl>` `` -## <localGroups> +### <localGroups> This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. Syntax: `` `` -## <mappings> +### <mappings> This element is used to contain other elements that establish mappings between groups. Syntax: `` `` -## <changeGroup> +### <changeGroup> This element describes the source and destination groups for a local group membership change during the migration. It's a child of **<localGroups>**. The following parameters are defined: @@ -272,13 +216,13 @@ The valid and required children of **<changeGroup>** are **<include> Syntax: `` `` -## <include> +### <include> This element specifies that its required child, *<pattern>*, should be included in the migration. Syntax: `` `` -## <exclude> +### <exclude> This element specifies that its required child, *<pattern>*, should be excluded from the migration. diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index 016e76bf24..d6433d0ca6 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -27,32 +27,6 @@ When you include, exclude, and reroute files and settings, it's important to kno - **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other **<include>** rules that are in the .xml files. For example, you can use the **<unconditionalExclude>** element to exclude all MP3 files on the computer or to exclude all files from `C:\UserData`. -## In this topic - -[General](#general) - -- [What is the relationship between rules that are located within different components?](#what-is-the-relationship-between-rules-that-are-located-within-different-components) - -- [How does precedence work with the Config.xml file?](#how-does-precedence-work-with-the-configxml-file) - -- [How does USMT process each component in an .xml file with multiple components?](#how-does-usmt-process-each-component-in-an-xml-file-with-multiple-components) - -- [How are rules processed?](#how-are-rules-processed) - -- [How does USMT combine all of the .xml files that I specify on the command line?](#how-does-usmt-combine-all-of-the-xml-files-that-i-specify-on-the-command-line) - -[The <include> and <exclude> rules](#the-include-and-exclude-rules) - -- [What happens when there are conflicting <include> and <exclude> rules?](#what-happens-when-there-are-conflicting-include-and-exclude-rules) - -- [<include> and <exclude> rules precedence examples](#include-and-exclude-rules-precedence-examples) - -[File collisions](#file-collisions) - -- [What is the default behavior when there are file collisions?](#what-is-the-default-behavior-when-there-are-file-collisions) - -- [How does the <merge> rule work when there are file collisions?](#how-does-the-merge-rule-work-when-there-are-file-collisions) - ## General ### What is the relationship between rules that are located within different components? diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 4f063c6db3..40514b888a 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -20,7 +20,7 @@ The following template is a template for the sections that you need to migrate y **Template**
- Expand to show Example 1 application template: + Expand to show Example 1 application template: ``` xml @@ -109,7 +109,7 @@ The following sample is a custom .xml file named `CustomFile.xml` that migrates **XML file**
- Expand to show Example 2 XML file: + Expand to show Example 2 XML file: ```xml @@ -159,7 +159,7 @@ The sample patterns describe the behavior in the following example .xml file. **XML file**
- Expand to show Example 3 XML file: + Expand to show Example 3 XML file: ``` xml @@ -201,7 +201,7 @@ The behavior for this custom .xml file is described within the `` t **XML file**
- Expand to show Example 4 XML file: + Expand to show Example 4 XML file: ``` xml diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 22adc255cd..b56b14a8f1 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -13,20 +13,6 @@ ms.technology: itpro-deploy # Customize USMT XML files -## In this topic - -[Overview](#overview) - -[Migration .xml files](#migration-xml-files) - -[Custom .xml files](#custom-xml-files) - -[The Config.xml file](#the-configxml-file) - -[Examples](#examples) - -[Additional Information](#additional-information) - ## Overview If you want the ScanState and LoadState tools to use any of the migration .xml files, specify these files at the command line using the `/i` option. Because the ScanState and LoadState tools need the .xml files to control the migration, specify the same set of .xml files for both the `ScanState.exe` and `LoadState.exe` commands. However, you don't have to specify the `Config.xml` file with the `/config` option, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store but not to the destination computer. To achieve this scenario, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. Then the `LoadState.exe` command will migrate only the files and settings that you want to migrate. diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 6c72dd6cb8..5232dbb7bc 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -15,14 +15,6 @@ ms.technology: itpro-deploy The disk space requirements for a migration are dependent on the size of the migration store and the type of migration. You can estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure. You can also calculate the disk space requirements using the ScanState tool. -## In this topic - -- [Hard disk space requirements](#hard-disk-space-requirements): Describes the disk space requirements for the migration store and other considerations on the source and destination computers. - -- [Calculate disk space requirements using the ScanState tool](#calculate-disk-space-requirements-using-the-scanstate-tool): Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. - -- [Estimating migration store size](#estimating-migration-store-size): Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. - ## Hard disk space requirements - **Store**: For non-hard-link migrations, you should ensure that there's enough available disk space at the location where you'll save your store to contain the data being migrated. You can save your store to another partition, an external storage device such as a USB flash drive or a server. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 47f0de9169..8d4a62d699 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -23,19 +23,7 @@ Options used with the `/extract` option can specify: - Include and exclude patterns for selective data extraction. -In addition, you can specify the file patterns that you want to extract by using the `/i` option to include file patterns or the `/e` option to exclude file patterns. When both the `/i` option and the `/e` option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the ScanState and LoadState tools. - -## In this topic - -- [To run the USMTUtils tool with the /extract option](#to-run-the-usmtutils-tool-with-the-extract-option) - -- [To extract all files from a compressed migration store](#to-extract-all-files-from-a-compressed-migration-store) - -- [To extract specific file types from an encrypted compressed migration store](#to-extract-specific-file-types-from-an-encrypted-compressed-migration-store) - -- [To extract all but one, or more, file types from an encrypted compressed migration store](#to-extract-all-but-one-or-more-file-types-from-an-encrypted-compressed-migration-store) - -- [To extract file types using the include pattern and the exclude pattern](#to-extract-file-types-using-the-include-pattern-and-the-exclude-pattern) +In addition, you can specify the file patterns that you want to extract by using the `/i` option to include file patterns or the `/e` option to exclude file patterns. When both the `/i` option and the `/e` option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the **ScanState** and **LoadState** tools. ### To run the USMTUtils tool with the /extract option diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md index 15d1d625c2..ffa159f0c3 100644 --- a/windows/deployment/usmt/usmt-general-conventions.md +++ b/windows/deployment/usmt/usmt-general-conventions.md @@ -15,12 +15,6 @@ ms.technology: itpro-deploy This topic describes the XML helper functions. -## In this topic - -[General XML guidelines](#general-xml-guidelines) - -[Helper functions](#helper-functions) - ## General XML guidelines Before you modify the .xml files, become familiar with the following guidelines: diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 3992607617..a43972cb9b 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -15,28 +15,6 @@ ms.technology: itpro-deploy A **hard-link migration store** enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed. This functionality is what makes **hard-link migration store** best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. -## In this topic - -[When to use a hard-link migration](#when-to-use-a-hard-link-migration) - -[Understanding a hard-link migration](#understanding-a-hard-link-migration) - -[Hard-Link migration store details](#hard-link-migration-store-details) - -[Hard disk space](#hard-disk-space) - -[Hard-Link store size estimation](#hard-link-store-size-estimation) - -[Migration store path on multiple volumes](#migration-store-path-on-multiple-volumes) - -[Location modifications](#location-modifications) - -[Migrating Encrypting File System (EFS) certificates and files](#migrating-encrypting-file-system-efs-certificates-and-files) - -[Migrating locked files with the hard-link migration store](#migrating-locked-files-with-the-hard-link-migration-store) - -[XML elements in the Config.xml file](#xml-elements-in-the-configxml-file) - ## When to use a hard-link migration You can use a hard-link migration store when your planned migration meets both of the following criteria: diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index 772cef9f85..270b1902c3 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md @@ -16,15 +16,6 @@ ms.date: 11/01/2022 It's important to carefully consider how you plan to migrate users. By default, all users are migrated by User State Migration Tool (USMT) 5.0. You must specify which users to include by using the command line. You can't specify users in the .xml files. For instructions on how to migrate users, see [Migrate user accounts](usmt-migrate-user-accounts.md). -## In this topic - -- [Identify users](#identify-users) - - [In this topic](#in-this-topic) - - [Migrating local accounts](#migrating-local-accounts) - - [Migrating domain accounts](#migrating-domain-accounts) - - [Command-line options](#command-line-options) - - [Related articles](#related-articles) - ## Migrating local accounts Before migrating local accounts, be aware of the following items: diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index 371d380e66..52126c877e 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md @@ -1,6 +1,6 @@ --- title: Include Files and Settings (Windows 10) -description: Specify the migration .xml files you want, then use the User State Migration Tool (USMT) 10.0 to migrate the settings and components specified. +description: Specify the migration .xml files you want, then use the User State Migration Tool (USMT) 10.0 to migrate the settings and components specified. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,25 +13,9 @@ ms.technology: itpro-deploy # Include Files and Settings +When you specify the migration .xml files, User State Migration Tool (USMT) 10.0 migrates the settings and components specified in [What does USMT migrate?](usmt-what-does-usmt-migrate.md). To include additional files and settings, we recommend that you create a custom .xml file, and then include this file when using both the `ScanState.exe` and `LoadState.exe` commands. By creating a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. -When you specify the migration .xml files, User State Migration Tool (USMT) 10.0 migrates the settings and components specified in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) To include additional files and settings, we recommend that you create a custom .xml file and then include this file when using both the ScanState and LoadState commands. By creating a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. - -In this topic: - -[Migrate a Single Registry Key](#bkmk-migsingleregkey) - -[Migrate a Specific Folder](#bkmk-migspecificfolder) - -[Migrate a Folder from a Specific Drive](#bkmk-migfoldspecdrive) - -[Migrate a Folder from Any Location](#bkmk-migfolderanyloc) - -[Migrate a File Type Into a Specific Folder](#bkmk-migfiletypetospecificfolder) - -[Migrate a Specific File](#bkmk-migspecificfile) - -## Migrate a Single Registry Key - +## Migrate a single registry key The following .xml file migrates a single registry key. @@ -52,54 +36,53 @@ The following .xml file migrates a single registry key. ``` -## Migrate a Specific Folder - +## Migrate a specific folder The following examples show how to migrate a folder from a specific drive, and from any location on the computer. -### Migrate a Folder from a Specific Drive +### Migrate a folder from a specific drive -- **Including subfolders.** The following .xml file migrates all files and subfolders from C:\\EngineeringDrafts to the destination computer. +- **Including subfolders.** The following .xml file migrates all files and subfolders from `C:\EngineeringDrafts` to the destination computer. ``` xml Component to migrate all Engineering Drafts Documents including subfolders -    -       + + C:\EngineeringDrafts\* [*] -     -    + + ``` -- **Excluding subfolders.** The following .xml file migrates all files from C:\\EngineeringDrafts, but it does not migrate any subfolders within C:\\EngineeringDrafts. +- **Excluding subfolders.** The following .xml file migrates all files from `C:\EngineeringDrafts`, but it doesn't migrate any subfolders within `C:\EngineeringDrafts`. ``` xml Component to migrate all Engineering Drafts Documents without subfolders -    -       + + C:\EngineeringDrafts\ [*] -     -    + + ``` -### Migrate a Folder from Any Location +### Migrate a folder from any location -The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated. +The following .xml file migrates all files and subfolders of the `EngineeringDrafts` folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated. ``` xml @@ -119,7 +102,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf ``` -The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any location on the C:\\ drive. If multiple folders exist with the same name, they are all migrated. +The following .xml file migrates all files and subfolders of the `EngineeringDrafts` folder from any location on the `C:\` drive. If multiple folders exist with the same name, they're all migrated. ``` xml @@ -139,10 +122,9 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf ``` -## Migrate a File Type Into a Specific Folder +## Migrate a file type into a specific folder - -The following .xml file migrates .mp3 files located in the specified drives on the source computer into the C:\\Music folder on the destination computer. +The following .xml file migrates `.mp3` files located in the specified drives on the source computer into the `C:\Music` folder on the destination computer. ``` xml @@ -167,31 +149,30 @@ The following .xml file migrates .mp3 files located in the specified drives on t ``` -## Migrate a Specific File - +## Migrate a specific file The following examples show how to migrate a file from a specific folder, and how to migrate a file from any location. -- **To migrate a file from a folder.** The following .xml file migrates only the Sample.doc file from C:\\EngineeringDrafts on the source computer to the destination computer. +- **To migrate a file from a folder.** The following .xml file migrates only the `Sample.doc` file from `C:\EngineeringDrafts` on the source computer to the destination computer. ``` xml Component to migrate all Engineering Drafts Documents -    -       + + C:\EngineeringDrafts\ [Sample.doc] -     -    + + ``` -- **To migrate a file from any location.** To migrate the Sample.doc file from any location on the C:\\ drive, use the <pattern> element, as the following example shows. If multiple files exist with the same name on the C:\\ drive, all of files with this name are migrated. +- **To migrate a file from any location.** To migrate the `Sample.doc` file from any location on the `C:\` drive, use the **<pattern>** element, as the following example shows. If multiple files exist with the same name on the `C:\` drive, all of files with this name are migrated. ``` xml C:\* [Sample.doc] @@ -203,22 +184,12 @@ The following examples show how to migrate a file from a specific folder, and ho ``` -## Related topics - - -[Customize USMT XML Files](usmt-customize-xml-files.md) - -[Custom XML Examples](usmt-custom-xml-examples.md) - -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) - -[USMT XML Reference](usmt-xml-reference.md) - -  - -  - +## Related articles +[Customize USMT XML files](usmt-customize-xml-files.md) +[Custom XML examples](usmt-custom-xml-examples.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 829942814a..64d838d96e 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -1,4 +1,4 @@ ---- +---This title: LoadState Syntax (Windows 10) description: Learn about the syntax and usage of the command-line options available when you use the LoadState command. ms.reviewer: @@ -11,90 +11,88 @@ ms.topic: article ms.technology: itpro-deploy --- -# LoadState Syntax +# LoadState syntax -This topic discusses the **LoadState** command syntax and options available with it. +This article discusses the `LoadState.exe` command syntax and options available with it. -## Before You Begin +## Before you begin -Before you run the **LoadState** command, note the following: +Before you run the `LoadState.exe` command, note the following items: -- To ensure that all operating system settings migrate, we recommend that you run the **LoadState** commands in administrator mode from an account with administrative credentials. +- To ensure that all operating system settings migrate, we recommend that you run the `LoadState.exe` commands in administrator mode from an account with administrative credentials. -- For information about software requirements for running the **LoadState** command, see [USMT Requirements](usmt-requirements.md). +- For information about software requirements for running the `LoadState.exe` command, see [USMT requirements](usmt-requirements.md). -- You should log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screensaver settings) will not take effect until the next time the user logs in. +- You should sign out after you run the `LoadState.exe` command. Some settings (for example, fonts, wallpaper, and screensaver settings) won't take effect until the next time the user logs in. -- Unless otherwise specified, you can use each option only once when running a tool on the command line. +- Unless otherwise specified, you can use each option only once when running a tool on the command line. -- **LoadState** does not require domain controller access to apply domain profiles. This functionality is available without any additional configuration. It is not necessary for the source computer to have had domain controller access when the user profile was gathered using **ScanState**. However, domain profiles are inaccessible until the destination computer is joined to the domain. +- **LoadState** doesn't require domain controller access to apply domain profiles. This functionality is available without any additional configuration. It isn't necessary for the source computer to have had domain controller access when the user profile was gathered using **ScanState**. However, domain profiles are inaccessible until the destination computer is joined to the domain. -- The [Incompatible Command-Line Options](#bkmk-cloi) table lists which options you can use together and which command-line options are incompatible. +- The [Incompatible command-line options](#incompatible-command-line-options) table lists which options you can use together and which command-line options are incompatible. -## Syntax +## Syntax -This section explains the syntax and usage of the command-line options available when you use the **LoadState** command. The options can be specified in any order. If the option contains a parameter, you can specify either a colon or space separator. +This section explains the syntax and usage of the command-line options available when you use the `LoadState.exe` command. The options can be specified in any order. If the option contains a parameter, you can specify either a colon or space separator. -The **LoadState** command's syntax is: +The `LoadState.exe` command's syntax is: -loadstate *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] +`loadstate.exe` *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] -For example, to decrypt the store and migrate the files and settings to a computer running Windows 7 type the following on the command line: +For example, to decrypt the store and migrate the files and settings to a computer, type the following command: -`loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:13 /decrypt /key:"mykey"` - -## Storage Options +`loadstate.exe \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:13 /decrypt /key:"mykey"` +## Storage options USMT provides the following options that you can use to specify how and where the migrated data is stored. | Command-Line Option | Description | |--- |--- | -| `StorePath` | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the **LoadState** command. You cannot specify more than one *StorePath*. | -| `/decrypt /key`:*KeyString*
or
`/decrypt /key`:"*Key String*"
or
`/decrypt /keyfile`:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you will need to specify the encryption key in one of the following ways:
  • `/key:`*KeyString* specifies the encryption key. If there is a space in *KeyString*, you must surround the argument with quotation marks.
  • `/keyfile:`*FilePathAndName* specifies a text (.txt) file that contains the encryption key

*KeyString* cannot exceed 256 characters.
The `/key` and `/keyfile` options cannot be used on the same command line.
The `/decrypt` and `/nocompress` options cannot be used on the same command line.
**Important**
Use caution with this option, because anyone who has access to the **LoadState** command-line script will also have access to the encryption key.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey` | -| `/decrypt:`*"encryption strength"* | The `/decrypt` option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | -| `/hardlink` | Enables user-state data to be restored from a hard-link migration store. The `/nocompress` parameter must be specified with `/hardlink` option. | -| `/nocompress` | Specifies that the store is not compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option cannot be used with the `/decrypt` option.
For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress` | +| **StorePath** | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the `LoadState.exe` command. You can't specify more than one *StorePath*. | +| **/decrypt /key**:*KeyString*
or
**/decrypt /key**:"*Key String*"
or
**/decrypt /keyfile**:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you'll need to specify the encryption key in one of the following ways:
  • `/key:`*KeyString* specifies the encryption key. If there's a space in *KeyString*, you must surround the argument with quotation marks.
  • `/keyfile:`*FilePathAndName* specifies a text (.txt) file that contains the encryption key

*KeyString* can't exceed 256 characters.
The `/key` and `/keyfile` options can't be used on the same command line.
The `/decrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `LoadState.exe` command with these options will also have access to the encryption key.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey` | +| **/decrypt**:*"encryption strength"* | The `/decrypt` option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/hardlink** | Enables user-state data to be restored from a hard-link migration store. The `/nocompress` parameter must be specified with `/hardlink` option. | +| **/nocompress** | Specifies that the store isn't compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option can't be used with the `/decrypt` option.
For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress` | -## Migration Rule Options +## Migration rule options USMT provides the following options to specify what files you want to migrate. | Command-Line Option | Description | |--- |--- | -| `/i`:[*Path*]*FileName* | **(include)**
Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigSys.xml, MigDocs.xml and any custom .xml files that you create). *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory.

For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) topic. | -| `/config:`[*Path*]*FileName* | Specifies the Config.xml file that the **LoadState** command should use. You cannot specify this option more than once on the command line. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the *FileName* must be located in the current directory.

This example migrates the files and settings based on the rules in the Config.xml, MigDocs.xml, and MigApp.xml files:

`loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log` | -| `/auto:`*"path to script files"* | This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i:MigDocs.xml` `/i:MigApp.xml /v:5`. | +| **/i**:[*Path*]*FileName* | **(include)**
Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigSys.xml, MigDocs.xml and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) article. | +| **/config**:[*Path*]*FileName* | Specifies the `Config.xml` file that the `LoadState.exe` command should use. You can't specify this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the *FileName* must be located in the current directory.

This example migrates the files and settings based on the rules in the Config.xml, MigDocs.xml, and MigApp.xml files:

`loadstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log` | +| **/auto**:*"path to script files"* | This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i:MigDocs.xml` `/i:MigApp.xml /v:5`. | -## Monitoring Options +## Monitoring options USMT provides several command-line options that you can use to analyze problems that occur during migration. | Command-Line Option | Description | |--- |--- | -| `/l:`[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the log will be created in the current directory. You can specify the **/v** option to adjust the amount of output.

If you run the **LoadState** command from a shared network resource, you must specify this option or USMT will fail with the error: "USMT was unable to create the log file(s)". To fix this issue, use the **/l:load.log** option. | -| `/v:`*``* | **(Verbosity)**

Enables verbose output in the LoadState log file. The default value is 0.
You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`loadstate \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml` | -| `/progress:`[*Path*]*FileName* | Creates the optional progress log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:loadlog.log` | -| `/c` | When this option is specified, the **LoadState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit on the computer, the **LoadState** command will log an error and continue with the migration. Without the **/c** option, the **LoadState** command will exit on the first error. You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the **/c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the **/genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | -| `/r:`*``* | **(Retry)**

Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

While restoring the user state, the **/r** option will not recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | -| `/w:`*``* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | -| `/?` or `/help` | Displays Help on the command line. | +| **/l**:[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can specify the `/v` option to adjust the verbosity of the log.

If you run the `LoadState.exe` command from a shared network resource, you must specify this option, or USMT will fail with the error:

***USMT was unable to create the log file(s)***

To fix this issue, make sure to specify the `/l` option when running `LoadState.exe` from a shared network resource. | +| **/v**:*``* | **(Verbosity)**

Enables verbose output in the **LoadState** log file. The default value is 0.
You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`loadstate.exe \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml` | +| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:loadlog.log` | +| **/c** | When this option is specified, the `LoadState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit on the computer, the `LoadState.exe` command will log an error and continue with the migration. Without the **/c** option, the `LoadState.exe` command will exit on the first error. You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This error control enables the **/c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the **/genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | +| **/r**:*``* | **(Retry)**

Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity isn't reliable.

While restoring the user state, the `/r` option won't recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | +| **/w**:*``* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | +| **/?** or **/help** | Displays Help on the command line. | -## User Options +## User options -By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or by using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md). +By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You can't exclude users in the migration .xml files or by using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md). | Command-Line Option | Description | |--- |--- | -| `/all` | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with the **/ue** or **/uel** options. For this reason, you do not need to specify this option on the command line. However, if you choose to use the **/all** option, you cannot also use the **/ui**, **/ue** or **/uel** options. | -| `/ui:`*DomainName UserName*
or
`/ui:`*"DomainName User Name"*
or
`/ui:`*ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the **/ue** option. You can specify multiple **/ui** options, but you cannot use the **/ui** option with the **/all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotations marks.
For example:
  • To include only User2 from the Corporate domain, type:
    `/ue:* /ui:corporate\user2`
**Note**
If a user is specified for inclusion with the **/ui** option, and also is specified to be excluded with either the **/ue** or **/uel** options, the user will be included in the migration.

For more examples, see the descriptions of the **/uel**, **/ue**, and **/ui** options in this table. | -| `/uel:`*``*
or
`/uel:`*``*
or
`/uel:0` | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The **/uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the ScanState command is run. You can specify a number of days or you can specify a date. You cannot use this option with the **/all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.
**Note**
The **/uel** option is not valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the **ScanState** command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2002/1/15` migrates users who have logged on or whose accounts have been modified since January 15, 2002.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | -| `/ue`:*DomainName UserName*
or
`/ue`*"DomainName User Name"*
or
`/ue`:*ComputerName LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple **/ue** options but you cannot use the **/ue** option with the **/all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the **/uel**, **/ue**, and **/ui** options in this table. | -| `/md:`*OldDomain*:*NewDomain*
or
`/md:`*LocalComputerName:NewDomain* | **(move domain)**
Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple **/md** options if you are consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two **/md** commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that did not exist on the source computer, the **LoadState** command will appear to complete successfully, without an error or warning. However, in this case, users will not be moved to *NewDomain* but will remain in their original domain. For example, if you misspell "contoso" and you specify "/md:contso:fabrikam", the users will remain in contoso on the destination computer.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
` /progress:prog.log /l:load.log /md:contoso:fabrikam` | -| `/mu:`*OldDomain OldUserName*:[*NewDomain*]*NewUserName*
or
`/mu:`*OldLocalUserName*:*NewDomain NewUserName* | Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple **/mu** options. You cannot use wildcard characters with this option.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1` | -| `/lac:`[*Password*] | **(local account create)**

Specifies that if a user account is a local (non-domain) account, and it does not exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the **/lae** option.

If the **/lac** option is not specified, any local user accounts that do not already exist on the destination computer will not be migrated.

*Password* is the password for the newly created account. An empty password is used by default.
**Caution**
Use the *Password* variable with caution because it is provided in plain text and can be obtained by anyone with access to the computer that is running the **LoadState** command.
Also, if the computer has multiple users, all migrated users will have the same password.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md). | -| `/lae` | **(local account enable)**

Enables the account that was created with the **/lac** option. You must specify the **/lac** option with this option.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /lac:password /lae`

For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md). | - +| **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to use the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | +| **/ui**:*DomainName UserName*
or
**/ui**:*"DomainName User Name"*
or
**/ui**:*ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` option. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotations marks.
For example:
  • To include only User2 from the Corporate domain, type:
    `/ue:* /ui:corporate\user2`
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/uel**:*``*
or
**/uel**:*``*
or
**/uel**:0 | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the `ScanState.exe` command is run. You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed into another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the `ScanState.exe` command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2002/1/15` migrates users who have logged on or whose accounts have been modified since January 15, 2002.

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | +| **/ue**:*DomainName\UserName*
or
**/ue** *"DomainName\User Name"*
or
**/ue**:*ComputerName\LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options but you can't use the `/ue` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks.

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/md**:*OldDomain*:*NewDomain*
or
**/md**:*LocalComputerName:NewDomain* | **(Move domain)**

Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple `/md` options if you're consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two `/md` commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that didn't exist on the source computer, the `LoadState.exe` command will appear to complete successfully, without an error or warning. However, in this case, users won't be moved to *NewDomain* but will remain in their original domain. For example, if you misspell **contoso** and you instead specify **/md:contso:fabrikam**, the users will remain in **contoso** on the destination computer.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
` /progress:prog.log /l:load.log /md:contoso:fabrikam` | +| **/mu**:*OldDomain OldUserName*:[*NewDomain*]*NewUserName*
or
**/mu**:*OldLocalUserName*:*NewDomain NewUserName* | **(Move user)**

Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple `/mu` options. You can't use wildcard characters with this option.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1` | +| **/lac**:[*Password*] | **(Local account create)**

Specifies that if a user account is a local (non-domain) account, and it doesn't exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the `/lae` option.

If the `/lac` option isn't specified, any local user accounts that don't already exist on the destination computer won't be migrated.

*Password* is the password for the newly created account. An empty password is used by default.
**Caution**
Use the *Password* variable with caution because it's provided in plain text and can be obtained by anyone with access to the computer that is running the `LoadState.exe` command.
Also, if the computer has multiple users, all migrated users will have the same password.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | +| `/lae` | **(Local account enable)**

Enables the account that was created with the `/lac` option. You must specify the `/lac` option with this option.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /lac:password /lae`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | ### Examples for the /ui and /ue options @@ -109,24 +107,24 @@ The following examples apply to both the **/ui** and **/ue** options. You can re | Exclude all local users. | `/ue:%computername%` | | Exclude users in all domains named User1, User2, and so on. | `/ue:\user` | -### Using the Options Together +### Using the options together -You can use the **/uel**, **/ue** and **/ui** options together to migrate only the users that you want migrated. +You can use the `/uel`, `/ue` and `/ui` options together to migrate only the users that you want migrated. -**The /ui option has precedence over the /ue and /uel options.** If a user is specified to be included using the **/ui** option, and also specified to be excluded using either the **/ue** or **/uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the **/ui** option takes precedence over the **/ue** option. +**The /ui option has precedence over the /ue and /uel options.** If a user is included using the `/ui` option and also excluded using either the `/ue` or `/uel` options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the `/ui` option takes precedence over the `/ue` option. -**The /uel option takes precedence over the /ue option.** If a user has logged on within the specified time period set by the **/uel** option, that user's profile will be migrated even if they are excluded by using the **/ue** option. For example, if you specify `/ue:contoso\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. +**The /uel option takes precedence over the /ue option.** If a user has logged on within the specified time period set by the `/uel` option, that user's profile will be migrated even if they're excluded by using the `/ue` option. For example, if you specify `/ue:contoso\user1 /uel:14`, the User1 will be migrated if they've logged on to the computer within the last 14 days. | Behavior | Command | |--- |--- | | Include only User2 from the Fabrikam domain and exclude all other users. | `/ue:* /ui:fabrikam\user2` | | Include only the local user named User1 and exclude all other users. | `/ue:* /ui:user1` | -| Include only the domain users from Contoso, except Contoso\User1. | This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:
  • Using the **ScanState** command-line tool, type: `/ue:* /ui:contoso`
  • Using the **LoadState** command-line tool, type: `/ue:contoso\user1`
| +| Include only the domain users from Contoso, except Contoso\User1. | This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following options:
  • Using the **ScanState** command-line tool, type: `/ue:* /ui:contoso`
  • Using the **LoadState** command-line tool, type: `/ue:contoso\user1`
| | Include only local (non-domain) users. | `/ue: /ui:%computername%*` | -## Incompatible Command-Line Options +## Incompatible command-line options -The following table indicates which command-line options are not compatible with the **LoadState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option. +The following table indicates which command-line options aren't compatible with the `LoadState.exe` command. If the table entry for a particular combination is blank, the options are compatible, and you can use them together. The X symbol means that the options aren't compatible. For example, you can't use the `/nocompress` option with the `/encrypt` option. | Command-Line Option | /keyfile | /nocompress | /genconfig | /all | |--- |--- |--- |--- |--- | @@ -155,8 +153,8 @@ The following table indicates which command-line options are not compatible with | **/lac** | | | | | > [!NOTE] -> You must specify either the **/key** or **/keyfile** option with the **/encrypt** option. +> You must specify either the `/key` or `/keyfile` option with the `/encrypt` option. -## Related topics +## Related articles -[XML Elements Library](usmt-xml-elements-library.md) +[XML elements library](usmt-xml-elements-library.md) diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 57563d3932..80d06d0350 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -1,6 +1,6 @@ --- title: Log Files (Windows 10) -description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. +description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,98 +11,98 @@ ms.topic: article ms.technology: itpro-deploy --- -# Log Files +# Log files -You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This topic describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. +You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This article describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. -[Log Command-Line Options](#bkmk-commandlineoptions) +[Log command-line options](#log-command-line-options) -[ScanState and LoadState Logs](#bkmk-scanloadstatelogs) +[ScanState and LoadState logs](#scanstate-and-loadstate-logs) -[Progress Log](#bkmk-progresslog) +[Progress log](#progress-log) -[List Files Log](#bkmk-listfileslog) +[List files log](#list-files-log) -[Diagnostic Log](#bkmk-diagnosticlog) +[Diagnostic log](#diagnostic-log) -## Log Command-Line Options +## Log command-line options The following table describes each command-line option related to logs, and it provides the log name and a description of what type of information each log contains. |Command line Option|File Name|Description| |--- |--- |--- | -|**/l** *[Path]FileName*|Scanstate.log or LoadState.log|Specifies the path and file name of the ScanState.log or LoadState log.| -|**/progress** *[Path]FileName*|Specifies the path and file name of the Progress log.|Provides information about the status of the migration, by percentage complete.| -|**/v** *[VerbosityLevel]*|Not applicable|See the "Monitoring Options" section in [ScanState Syntax](usmt-scanstate-syntax.md).| -|**/listfiles** *[Path]FileName*|Specifies the path and file name of the Listfiles log.|Provides a list of the files that were migrated.| -|Set the environment variable MIG_ENABLE_DIAG to a path to an XML file.|USMTDiag.xml|The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.| +|**/l**"*[Path]FileName*|`Scanstate.log` or `LoadState.log`|Specifies the path and file name of the **ScanState** log or **LoadState** log.| +|**/progress**:*[Path]FileName*|Specifies the path and file name of the Progress log.|Provides information about the status of the migration, by percentage complete.| +|**/v**:*[VerbosityLevel]*|Not applicable|See [Monitoring options](usmt-scanstate-syntax.md#monitoring-options) in [ScanState syntax](usmt-scanstate-syntax.md).| +|**/listfiles**:*[Path]FileName*|Specifies the path and file name of the Listfiles log.|Provides a list of the files that were migrated.| +|Set the environment variable **MIG_ENABLE_DIAG** to a path to an XML file.|`USMTDiag.xml`|The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.| > [!NOTE] > You cannot store any of the log files in *StorePath*. If you do, the log will be overwritten when USMT is run. -## ScanState and LoadState Logs +## ScanState and LoadState logs -ScanState and LoadState logs are text files that are create when you run the ScanState and LoadState tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see Monitoring Options in [ScanState Syntax](usmt-scanstate-syntax.md). + **ScanState** and **LoadState** logs are text files that are create when you run the **ScanState** and **LoadState** tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see [Monitoring options](usmt-scanstate-syntax.md#monitoring-options) in [ScanState syntax](usmt-scanstate-syntax.md). -## Progress Log +## Progress log -You can create a progress log using the **/progress** option. External tools, such as Microsoft System Center Operations Manager 2007, can parse the progress log to update your monitoring systems. The first three fields in each line are fixed as follows: +You can create a progress log using the `/progress` option. External tools, such as Microsoft System Center Operations Manager, can parse the progress log to update your monitoring systems. The first three fields in each line are fixed as follows: -- **Date:** Date, in the format of *day* *shortNameOfTheMonth* *year*. For example: 08 Jun 2006. +- **Date:** Date, in the format of *day* *shortNameOfTheMonth* *year*. For example: 08 Jun 2006. -- **Local time:** Time, in the format of *hrs*:*minutes*:*seconds* (using a 24-hour clock). For example: 13:49:13. +- **Local time:** Time, in the format of *hrs*:*minutes*:*seconds* (using a 24-hour clock). For example: 13:49:13. -- **Migration time:** Duration of time that USMT was run, in the format of *hrs:minutes:seconds*. For example: 00:00:10. +- **Migration time:** Duration of time that USMT was run, in the format of *hrs:minutes:seconds*. For example: 00:00:10. The remaining fields are key/value pairs as indicated in the following table. | Key | Value | |-----|-------| -| program | ScanState.exe or LoadState.exe. | -| productVersion | The full product version number of USMT. | -| computerName | The name of the source or destination computer on which USMT was run. | -| commandLine | The full command used to run USMT. | -| PHASE | Reports that a new phase in the migration is starting. This can be one of the following:
  • Initializing
  • Scanning
  • Collecting
  • Saving
  • Estimating
  • Applying
| -| detectedUser |
  • For the ScanState tool, these are the users USMT detected on the source computer that can be migrated.
  • For the LoadState tool, these are the users USMT detected in the store that can be migrated.
| -| includedInMigration | Defines whether the user profile/component is included for migration. Valid values are Yes or No. | -| forUser | Specifies either of the following:
  • The user state being migrated.
  • *This Computer*, meaning files and settings that are not associated with a user.
| -| detectedComponent | Specifies a component detected by USMT.
  • For ScanState, this is a component or application that is installed on the source computer.
  • For LoadState, this is a component or application that was detected in the store.
| -| totalSizeInMBToTransfer | Total size of the files and settings to migrate in megabytes (MB). | -| totalPercentageCompleted | Total percentage of the migration that has been completed by either ScanState or LoadState. | -| collectingUser | Specifies which user ScanState is collecting files and settings for. | -| totalMinutesRemaining | Time estimate, in minutes, for the migration to complete. | -| error | Type of non-fatal error that occurred. This can be one of the following:
  • **UnableToCopy**: Unable to copy to store because the disk on which the store is located is full.
  • **UnableToOpen**: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.
  • **UnableToCopyCatalog**: Unable to copy because the store is corrupted.
  • **UnableToAccessDevice**: Unable to access the device.
  • **UnableToApply**: Unable to apply the setting to the destination computer.
| -| objectName | The name of the file or setting that caused the non-fatal error. | -| action | Action taken by USMT for the non-fatal error. The values are:
  • **Ignore**: Non-fatal error ignored and the migration continued because the **/c** option was specified on the command line.
  • **Abort**: Stopped the migration because the **/c** option was not specified.
| -| errorCode | The errorCode or return value. | -| numberOfIgnoredErrors | The total number of non-fatal errors that USMT ignored. | -| message | The message corresponding to the errorCode. | +| **program** | `ScanState.exe` or `LoadState.exe`. | +| **productVersion** | The full product version number of USMT. | +| **computerName** | The name of the source or destination computer on which USMT was run. | +| **commandLine** | The full command used to run USMT. | +| **PHASE** | Reports that a new phase in the migration is starting. This key can be one of the following values:
  • Initializing
  • Scanning
  • Collecting
  • Saving
  • Estimating
  • Applying
| +| **detectedUser** |
  • For the **ScanState** tool, this key are the users USMT detected on the source computer that can be migrated.
  • For the **LoadState** tool, this key are the users USMT detected in the store that can be migrated.
| +| **includedInMigration** | Defines whether the user profile/component is included for migration. Valid values are **Yes** or **No**. | +| **forUser** | Specifies either of the following values:
  • The user state being migrated.
  • *This Computer*, meaning files and settings that aren't associated with a user.
| +| **detectedComponent** | Specifies a component detected by USMT.
  • For **ScanState**, this key is a component or application that is installed on the source computer.
  • For **LoadState**, this key is a component or application that was detected in the store.
| +| **totalSizeInMBToTransfer** | Total size of the files and settings to migrate in megabytes (MB). | +| **totalPercentageCompleted** | Total percentage of the migration that has been completed by either **ScanState** or **LoadState**. | +| **collectingUser** | Specifies which user **ScanState** is collecting files and settings for. | +| **totalMinutesRemaining** | Time estimate, in minutes, for the migration to complete. | +| **error** | Type of non-fatal error that occurred. This key can be one of the following values:
  • **UnableToCopy**: Unable to copy to store because the disk on which the store is located is full.
  • **UnableToOpen**: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.
  • **UnableToCopyCatalog**: Unable to copy because the store is corrupted.
  • **UnableToAccessDevice**: Unable to access the device.
  • **UnableToApply**: Unable to apply the setting to the destination computer.
| +| **objectName** | The name of the file or setting that caused the non-fatal error. | +| **action** | Action taken by USMT for the non-fatal error. The values are:
  • **Ignore**: Non-fatal error ignored and the migration continued because the **/c** option was specified on the command line.
  • **Abort**: Stopped the migration because the **/c** option wasn't specified.
| +| **errorCode** | The errorCode or return value. | +| **numberOfIgnoredErrors** | The total number of non-fatal errors that USMT ignored. | +| **message** | The message corresponding to the errorCode. | -## List Files Log +## List files log -The List files log (Listfiles.txt) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for ScanState.exe. +The List files log (`Listfiles.txt`) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for `ScanState.exe`. -## Diagnostic Log +## Diagnostic log -You can obtain the diagnostic log by setting the environment variable MIG\_ENABLE\_DIAG to a path to an XML file. +You can obtain the diagnostic log by setting the environment variable **MIG_ENABLE_DIAG** to a path to an XML file. The diagnostic log contains: -- Detailed system environment information +- Detailed system environment information -- Detailed user environment information +- Detailed user environment information -- Information about the migration units (migunits) being gathered and their contents +- Information about the migration units (migunits) being gathered and their contents ## Using the Diagnostic Log -The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it is associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files. +The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it's associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files. The following examples describe common scenarios in which you can use the diagnostic log. **Why is this file not migrating when I authored an "include" rule for it?** -Let's imagine that we have the following directory structure and that we want the "data" directory to be included in the migration along with the "New Text Document.txt" file in the "New Folder." The directory of **C:\\data** contains: +Let's imagine that we have the following directory structure and that we want the **data** directory to be included in the migration along with the **New Text Document.txt** file in the **New Folder**. The directory of `C:\data` contains: ```console 01/21/2009 10:08 PM . @@ -113,7 +113,7 @@ Let's imagine that we have the following directory structure and that we want th 2 File(s) 26 bytes ``` -The directory of **C:\\data\\New Folder** contains: +The directory of `C:\data\New Folder` contains: ```console 01/21/2009 10:08 PM . @@ -144,59 +144,59 @@ To migrate these files you author the following migration XML: ``` -However, upon testing the migration you notice that the "New Text Document.txt" file isn't included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG\_ENABLE\_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component "DATA1", the following XML section is discovered: +However, upon testing the migration you notice that the **New Text Document.txt** file isn't included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable **MIG_ENABLE_DIAG** set such that the diagnostic log is generated. Upon searching the diagnostic log for the component **DATA1**, the following XML section is discovered: ```xml - - - - - + + + + + - - - - - + + + + + ``` -Analysis of this XML section reveals the migunit that was created when the migration rule was processed. The <Perform> section details the actual files that were scheduled for gathering and the result of the gathering operation. The "New Text Document.txt" file doesn't appear in this section, which confirms that the migration rule was not correctly authored. +Analysis of this XML section reveals the migunit that was created when the migration rule was processed. The **<Perform>** section details the actual files that were scheduled for gathering and the result of the gathering operation. The **New Text Document.txt** file doesn't appear in this section, which confirms that the migration rule wasn't correctly authored. -An analysis of the XML elements reference topic reveals that the <pattern> tag needs to be modified as follows: +An analysis of the [XML elements library](usmt-xml-elements-library.md) reference article reveals that the [**<pattern>**](usmt-xml-elements-library.md#pattern) tag needs to be modified as follows: ```xml c:\data\* [*] ``` -When the migration is preformed again with the modified tag, the diagnostic log reveals the following: +When the migration is performed again with the modified tag, the diagnostic log reveals the following information: ```xml - - - - - + + + + + - - - - - - - + + + + + + + ``` -This diagnostic log confirms that the modified <pattern> value enables the migration of the file. +This diagnostic log confirms that the modified **<pattern>** value enables the migration of the file. **Why is this file migrating when I authored an exclude rule excluding it?** -In this scenario, you have the following directory structure and you want all files in the "data" directory to migrate, except for text files. The **C:\\Data** folder contains: +In this scenario, you have the following directory structure and you want all files in the **Data** directory to migrate, except for text files. The `C:\Data` folder contains: ```console Directory of C:\Data @@ -209,7 +209,7 @@ Directory of C:\Data 2 File(s) 26 bytes ``` -The **C:\\Data\\New Folder\\** contains: +The `C:\Data\New Folder\` contains: ```console 01/21/2009 10:08 PM . @@ -246,33 +246,33 @@ You author the following migration XML: ``` -However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG\_ENABLE\_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component "DATA1", the following XML section is discovered: +However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable **MIG_ENABLE_DIAG** set so that the diagnostic log is generated. Upon searching the diagnostic log for the component **DATA1**, the following XML section is discovered: ```xml - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + ``` -Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows: +Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it's a problem with the authored migration XML rule. You author an update to the migration XML script as follows: ```xml @@ -307,31 +307,30 @@ Your revised migration XML script excludes the files from migrating, as confirme ```xml - - - - - - - - + + + + + + + + - - - - - - + + + + + + ``` -## Related topics +## Related articles +[XML elements library](usmt-xml-elements-library.md) -[XML Elements Library](usmt-xml-elements-library.md) +[ScanState syntax](usmt-scanstate-syntax.md) -[ScanState Syntax](usmt-scanstate-syntax.md) - -[LoadState Syntax](usmt-loadstate-syntax.md) +[LoadState syntax](usmt-loadstate-syntax.md) diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index d69ef98d2d..bad81e8a92 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -11,43 +11,37 @@ ms.topic: article ms.technology: itpro-deploy --- -# Migrate EFS Files and Certificates +# Migrate EFS files and certificates +This article describes how to migrate Encrypting File System (EFS) certificates. For more information about the `/efs` option, see [Encrypted file options](#encrypted-file-options) in [ScanState syntax](usmt-scanstate-syntax.md). -This topic describes how to migrate Encrypting File System (EFS) certificates. For more information about the **/efs** For options, see [ScanState Syntax](usmt-scanstate-syntax.md). +## To migrate EFS files and certificates -## To Migrate EFS Files and Certificates +Encrypting File System (EFS) certificates will be migrated automatically. However, by default, the User State Migration Tool (USMT) 10.0 fails if an encrypted file is found unless you specify an `/efs` option. Therefore when a device has EFS encrypted files, you must specify the `/efs` option with any one of the following parameters: +- `abort` +- `skip` +- `decryptcopy` +- `copyraw` +- `hardlink` -Encrypting File System (EFS) certificates will be migrated automatically. However, by default, the User State Migration Tool (USMT) 10.0 fails if an encrypted file is found (unless you specify an **/efs** option). Therefore, you must specify **/efs:abort | skip | decryptcopy | copyraw | hardlink** with the ScanState command to migrate the encrypted files. Then, when you run the LoadState command on the destination computer, the encrypted file and the EFS certificate will be automatically migrated. +when running the `ScanState.exe` command to migrate the encrypted files. Then, when you run the `LoadState.exe` command on the destination computer, the encrypted file and the EFS certificate will be automatically migrated. -**Note**   -The **/efs** options are not used with the LoadState command. +> [!NOTE] +> The `/efs` options are not used with the `LoadState.exe` command. - +Before using the **ScanState** tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the **LoadState** tool. -Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. - -You can run the Cipher tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt type: +You can run the [Cipher.exe](/windows-server/administration/windows-commands/cipher) tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt type: ``` syntax -Cipher /D /S: +Cipher.exe /D /S: ``` -Where *<Path>* is the full path of the topmost parent directory where the encryption attribute is set. - -## Related topics - - -[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) - -[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) - - - - - - +where *<Path>* is the full path of the topmost parent directory where the encryption attribute is set. +## Related articles +[What does USMT migrate?](usmt-what-does-usmt-migrate.md) +[Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md) diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index ad49e90fc3..ebb8f677d1 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -13,82 +13,69 @@ ms.technology: itpro-deploy # Migrate User Accounts +By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You can't specify users in the migration XML files or by using the Config.xml file. -By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You cannot specify users in the migration XML files or by using the Config.xml file. +## To migrate all user accounts and user settings -## In this Topic +Links to detailed explanations of commands are available in the [Related articles](#related-articles) section. +1. Sign into the source computer as an administrator. -- [To migrate all user accounts and user settings](#bkmk-migrateall) +2. Enter the following `scanstate.exe` command line in a command prompt window: -- [To migrate two domain accounts (User1 and User2)](#bkmk-migratetwo) + `scanstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /o` -- [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone) +3. Sign into the destination computer as an administrator. -## To migrate all user accounts and user settings -Links to detailed explanations of commands are available in the Related Topics section. +4. Enter one of the following `loadstate.exe` command lines in a command prompt window: -1. Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window: + - If you're migrating domain accounts, Enter: - `scanstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /o` + `loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` -2. Log on to the destination computer as an administrator. + - If you're migrating local accounts along with domain accounts, Enter: -3. Do one of the following: + `loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae` - - If you are migrating domain accounts, specify: + > [!NOTE] + > You do not have to specify the `/lae` option, which enables the account that was created with the `/lac` option. Instead, you can create a disabled local account by specifying only the `/lac` option, and then a local administrator needs to enable the account on the destination computer. - `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` +## To migrate two domain accounts (User1 and User2) - - If you are migrating local accounts along with domain accounts, specify: +Links to detailed explanations of commands are available in the [Related articles](#related-articles) section. - `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae` +1. Sign into the source computer as an administrator. - **Note**   - You do not have to specify the **/lae** option, which enables the account that was created with the **/lac** option. Instead, you can create a disabled local account by specifying only the **/lac** option, and then a local administrator needs to enable the account on the destination computer. +2. Enter the following `scanstate.exe` command line in a command prompt window: - + `scanstate.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:migdocs.xml /i:migapp.xml /o` -## To migrate two domain accounts (User1 and User2) -Links to detailed explanations of commands are available in the Related Topics section. +3. Sign into the destination computer as an administrator. -1. Log on to the source computer as an administrator, and specify: +4. Enter the following `loadstate.exe` command line in a command prompt window: - `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:migdocs.xml /i:migapp.xml /o` + `loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` -2. Log on to the destination computer as an administrator. +## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain -3. Specify the following: +Links to detailed explanations of commands are available in the [Related articles](#related-articles) section. - `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` +1. Sign into the source computer as an administrator. -## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain -Links to detailed explanations of commands are available in the Related Topics section. +2. Enter the following `scanstate.exe` command line in a command prompt window: -1. Log on to the source computer as an administrator, and type the following at the command-line prompt: + `scanstate.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:migdocs.xml /i:migapp.xml /o` - `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:migdocs.xml /i:migapp.xml /o` +3. Sign into the destination computer as an administrator. -2. Log on to the destination computer as an administrator. - -3. Specify the following: - - `loadstate \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:migdocs.xml /i:migapp.xml` - -## Related topics - - -[Identify Users](usmt-identify-users.md) - -[ScanState Syntax](usmt-scanstate-syntax.md) - -[LoadState Syntax](usmt-loadstate-syntax.md) - - - - +4. Enter the following `loadstate.exe` command line in a command prompt window: + `loadstate.exe \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:migdocs.xml /i:migapp.xml` +## Related articles +[Identify users](usmt-identify-users.md) +[ScanState syntax](usmt-scanstate-syntax.md) +[LoadState syntax](usmt-loadstate-syntax.md) diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index c0a58da681..bdbed437a0 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -1,6 +1,6 @@ --- title: Migration Store Encryption (Windows 10) -description: Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES). +description: Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES). ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,26 +11,26 @@ ms.topic: article ms.technology: itpro-deploy --- -# Migration Store Encryption +# Migration store encryption -This topic discusses User State Migration Tool (USMT) 10.0 options for migration store encryption to protect the integrity of user data during a migration. +This article discusses User State Migration Tool (USMT) 10.0 options for migration store encryption to protect the integrity of user data during a migration. -## USMT Encryption Options +## USMT encryption options USMT enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES), in several bit-level options. AES is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data. -The encryption algorithm you choose must be specified for both the **ScanState** and the **LoadState** commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the **ScanState** and the **LoadState** command lines by using the **/encrypt**:*"encryptionstrength"* and the **/decrypt**:*"encryptionstrength"* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the Usmtutils.exe file to determine which encryption algorithms are available to the computers' locales before you begin the migration. +The encryption algorithm you choose must be specified for both the `ScanState.exe` and the `LoadState.exe` commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the `ScanState.exe` and the `LoadState.exe` command lines by using the `/encrypt`:*encryptionstrength* and the `/decrypt`:*encryptionstrength* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the `Usmtutils.exe` file to determine which encryption algorithms are available to the computers' locales before you begin the migration. The following table describes the command-line encryption options in USMT. |Component|Option|Description| |--- |--- |--- | -|**ScanState**|**/encrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument is not provided, the **ScanState** tool employs the 3DES algorithm.| -|**LoadState**|**/decrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument is not provided, the **LoadState** tool employs the 3DES algorithm.| +|**ScanState**|**/encrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument isn't provided, the **ScanState** tool employs the **3DES** algorithm.| +|**LoadState**|**/decrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument isn't provided, the **LoadState** tool employs the **3DES** algorithm.| -**Important**   -Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the UsmtUtils command with the **/ec** option. For more information see [UsmtUtils Syntax](usmt-utilities.md) +> [!IMPORTANT] +> Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the `UsmtUtils.exe` command with the `/ec` option. For more information, see [UsmtUtils syntax](usmt-utilities.md). -## Related topics +## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index 3bb7d204bb..7609e4e147 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md @@ -11,36 +11,36 @@ ms.collection: highpri ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Overview +# User State Migration Tool (USMT) overview -You can use User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). +You can use User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common migration scenarios](usmt-common-migration-scenarios.md). -USMT enables you to do the following: +USMT enables you to do the following actions: -- Configure your migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they are migrated. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). -- Fit your customized migration into your automated deployment process by using the ScanState and LoadState tools, which control collecting and restoring the user files and settings. For more information, see [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md). -- Perform offline migrations. You can run migrations offline by using the ScanState command in Windows Preinstallation Environment (WinPE) or you can perform migrations from previous installations of Windows contained in Windows.old directories. For more information about migration types, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md) and [Offline Migration Reference](offline-migration-reference.md). +- Configure your migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they're migrated. For more information about how to modify these files, see [USMT XML reference](usmt-xml-reference.md). +- Fit your customized migration into your automated deployment process by using the **ScanState** and **LoadState** tools, which control collecting and restoring the user files and settings. For more information, see [User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md). +- Perform offline migrations. You can run migrations offline by using the ScanState command in Windows Preinstallation Environment (WinPE) or you can perform migrations from previous installations of Windows contained in Windows.old directories. For more information about migration types, see [Choose a migration store Type](usmt-choose-migration-store-type.md) and [Offline migration reference](offline-migration-reference.md). ## Benefits USMT provides the following benefits to businesses that are deploying Windows operating systems: -- Safely migrates user accounts, operating system and application settings. -- Lowers the cost of deploying Windows by preserving user state. -- Reduces end-user downtime required to customize desktops and find missing files. -- Reduces help-desk calls. -- Reduces the time needed for the user to become familiar with the new operating system. -- Increases employee satisfaction with the migration experience. +- Safely migrates user accounts, operating system and application settings. +- Lowers the cost of deploying Windows by preserving user state. +- Reduces end-user downtime required to customize desktops and find missing files. +- Reduces help-desk calls. +- Reduces the time needed for the user to become familiar with the new operating system. +- Increases employee satisfaction with the migration experience. ## Limitations -USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [PCmover Express](https://go.microsoft.com/fwlink/?linkid=620915). PCmover is not a free utility. PCmover Express is a tool created by Microsoft's partner, Laplink. +USMT is intended for administrators who are performing large-scale automated deployments. If you're only migrating the user states of a few computers, you can use [PCmover Express](https://go.microsoft.com/fwlink/?linkid=620915). PCmover isn't a free utility. PCmover Express is a tool created by Microsoft's partner, Laplink. -There are some scenarios in which the use of USMT is not recommended. These include: +There are some scenarios in which the use of USMT isn't recommended. These scenarios include: -- Migrations that require end-user interaction. -- Migrations that require customization on a machine-by-machine basis. +- Migrations that require end-user interaction. +- Migrations that require customization on a machine-by-machine basis. -## Related topics +## Related articles -- [User State Migration Tool (USMT) Technical Reference](usmt-technical-reference.md) +- [User State Migration Tool (USMT) technical reference](usmt-technical-reference.md) diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index 0a19f947c6..6559990881 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -11,24 +11,24 @@ ms.topic: article ms.technology: itpro-deploy --- -# Plan Your Migration +# Plan your migration -Before you use the User State Migration Tool (USMT) 10.0 to perform your migration, we recommend that you plan your migration carefully. Planning can help your migration proceed smoothly and can reduce the risk of migration failure. +Before you use the User State Migration Tool (USMT) 10.0 to perform your migration, we recommend that you plan your migration carefully. Planning can help your migration proceed smoothly and can reduce the risk of migration failure. In migration planning, both organizations and individuals must first identify what to migrate, including user settings, applications and application settings, and personal data files and folders. Identifying the applications to migrate is especially important so that you can avoid capturing data about applications that may be phased out. -One of the most important requirements for migrating settings and data is restoring only the information that the destination computer requires. Although the data that you capture on the source computer may be more comprehensive than the restoration data for backup purposes, restoring data or settings for applications that you will not install on the destination system is redundant. This can also introduce instability in a newly deployed computer. +One of the most important requirements for migrating settings and data is restoring only the information that the destination computer requires. Although the data that you capture on the source computer may be more comprehensive than the restoration data for backup purposes, restoring data or settings for applications that you won't install on the destination system is redundant. Restoring data or settings for applications that aren't installed can also introduce instability in a newly deployed computer. -## In This Section +## In this section | Link | Description | |--- |--- | -|[Common Migration Scenarios](usmt-common-migration-scenarios.md)|Determine whether you will perform a refresh migration or a replace migration.| -|[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)|Learn which applications, user data, and operating system components USMT migrates.| -|[Choose a Migration Store Type](usmt-choose-migration-store-type.md)|Choose an uncompressed, compressed, or hard-link migration store.| -|[Determine What to Migrate](usmt-determine-what-to-migrate.md)|Identify user accounts, application settings, operating system settings, and files that you want to migrate inside your organization.| -|[Test Your Migration](usmt-test-your-migration.md)|Test your migration before you deploy Windows to all users.| +|[Common migration scenarios](usmt-common-migration-scenarios.md)|Determine whether you'll perform a refresh migration or a replace migration.| +|[What does USMT migrate?](usmt-what-does-usmt-migrate.md)|Learn which applications, user data, and operating system components USMT migrates.| +|[Choose a migration store type](usmt-choose-migration-store-type.md)|Choose an uncompressed, compressed, or hard-link migration store.| +|[Determine what to migrate](usmt-determine-what-to-migrate.md)|Identify user accounts, application settings, operating system settings, and files that you want to migrate inside your organization.| +|[Test your migration](usmt-test-your-migration.md)|Test your migration before you deploy Windows to all users.| -## Related topics +## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 9f2b03a289..000f67af87 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -11,84 +11,75 @@ ms.collection: highpri ms.technology: itpro-deploy --- -# Recognized Environment Variables +# Recognized environment variables +When using the XML files `MigDocs.xml`, `MigApp.xml`, and `MigUser.xml`, you can use environment variables to identify folders that may be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but may not have the same name or location on any given computer. For example, the **Documents** folder may be `C:\Users\\My Documents` on one computer and `C:\Documents and Settings\\My Documents` on another. You can use the asterisk (\*) wildcard character in `MigUser.xml`, `MigApp.xml` and `MigDoc.xml` files. However, you can't use the asterisk (\*) wildcard characters in the `Config.xml` file. -When using the XML files MigDocs.xml, MigApp.xml, and MigUser.xml, you can use environment variables to identify folders that may be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but may not have the same name or location on any given computer. For example, the documents folder may be C:\\Users\\<Username>\\My Documents on one computer and C:\\Documents and Settings on another. You can use the asterisk (\*) wildcard character in MigUser.xml, MigApp.xml and MigDoc.xml files. However, you cannot use the asterisk (\*) wildcard characters in the Config.xml file. - -## In This Topic - - -- [Variables that are processed for the operating system and in the context of each user](#bkmk-1) - -- [Variables that are recognized only in the user context](#bkmk-2) - -## Variables that are processed for the operating system and in the context of each user - +## Variables that are processed for the operating system and in the context of each user You can use these variables within sections in the .xml files with `context=UserAndSystem`, `context=User`, and `context=System`. |Variable|Explanation| |--- |--- | |**ALLUSERSAPPDATA**|Same as **CSIDL_COMMON_APPDATA**.| -|**ALLUSERSPROFILE**|Refers to %**PROFILESFOLDER**%\Public or %**PROFILESFOLDER**%\all users.| +|**ALLUSERSPROFILE**|Refers to `%PROFILESFOLDER%\Public` or `%PROFILESFOLDER%\all users`.| |**COMMONPROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES_COMMON**.| -|**COMMONPROGRAMFILES**(X86)|Refers to the C:\Program Files (x86)\Common Files folder on 64-bit systems.| -|**CSIDL_COMMON_ADMINTOOLS**|Version 10.0. The file-system directory that contains administrative tools for all users of the computer.| +|**COMMONPROGRAMFILES**(X86)|Refers to the `C:\Program Files (x86)\Common Files` folder on 64-bit systems.| +|**CSIDL_COMMON_ADMINTOOLS**|Version 10.0. The file-system directory that contains administrative tools for all users of the computer.| |**CSIDL_COMMON_ALTSTARTUP**|The file-system directory that corresponds to the non-localized Startup program group for all users.| -|**CSIDL_COMMON_APPDATA**|The file-system directory that contains application data for all users. A typical path Windows is C:\ProgramData.| -|**CSIDL_COMMON_DESKTOPDIRECTORY**|The file-system directory that contains files and folders that appear on the desktop for all users. A typical Windows® XP path is C:\Documents and Settings\All Users\Desktop. A typical path is C:\Users\Public\Desktop.| -|**CSIDL_COMMON_DOCUMENTS**|The file-system directory that contains documents that are common to all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Documents. A typical path is C:\Users\Public\Documents.| -|**CSIDL_COMMON_FAVORITES**|The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.| -|**CSIDL_COMMON_MUSIC**|The file-system directory that serves as a repository for music files common to all users. A typical path is C:\Users\Public\Music.| -|**CSIDL_COMMON_PICTURES**|The file-system directory that serves as a repository for image files common to all users. A typical path is C:\Users\Public\Pictures.| -|**CSIDL_COMMON_PROGRAMS**|The file-system directory that contains the directories for the common program groups that appear on the **Start** menu for all users. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs.| -|**CSIDL_COMMON_STARTMENU**|The file-system directory that contains the programs and folders which appear on the **Start** menu for all users. A typical path in Windows is C:\ProgramData\Microsoft\Windows\Start Menu.| -|**CSIDL_COMMON_STARTUP**|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.| -|**CSIDL_COMMON_TEMPLATES**|The file-system directory that contains the templates that are available to all users. A typical path is C:\ProgramData\Microsoft\Windows\Templates.| -|**CSIDL_COMMON_VIDEO**|The file-system directory that serves as a repository for video files common to all users. A typical path is C:\Users\Public\Videos.| -|**CSIDL_DEFAULT_APPDATA**|Refers to the Appdata folder inside %**DEFAULTUSERPROFILE**%.| -|C**SIDL_DEFAULT_LOCAL_APPDATA**|Refers to the local Appdata folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_COOKIES**|Refers to the Cookies folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_CONTACTS**|Refers to the Contacts folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_DESKTOP**|Refers to the Desktop folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_DOWNLOADS**|Refers to the Downloads folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_FAVORITES**|Refers to the Favorites folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_HISTORY**|Refers to the History folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_INTERNET_CACHE**|Refers to the Internet Cache folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_PERSONAL**|Refers to the Personal folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_MYDOCUMENTS**|Refers to the My Documents folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_MYPICTURES**|Refers to the My Pictures folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_MYMUSIC**|Refers to the My Music folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_MYVIDEO**|Refers to the My Videos folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_RECENT**|Refers to the Recent folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_SENDTO**|Refers to the Send To folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_STARTMENU**|Refers to the Start Menu folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_PROGRAMS**|Refers to the Programs folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_STARTUP**|Refers to the Startup folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_TEMPLATES**|Refers to the Templates folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_DEFAULT_QUICKLAUNCH**|Refers to the Quick Launch folder inside %**DEFAULTUSERPROFILE**%.| -|**CSIDL_FONTS**|A virtual folder containing fonts. A typical path is C:\Windows\Fonts.| -|**CSIDL_PROGRAM_FILESX86**|The Program Files folder on 64-bit systems. A typical path is C:\Program Files(86).| -|**CSIDL_PROGRAM_FILES_COMMONX86**|A folder for components that are shared across applications on 64-bit systems. A typical path is C:\Program Files(86)\Common.| -|**CSIDL_PROGRAM_FILES**|The Program Files folder. A typical path is C:\Program Files.| -|**CSIDL_PROGRAM_FILES_COMMON**|A folder for components that are shared across applications. A typical path is C:\Program Files\Common.| -|**CSIDL_RESOURCES**|The file-system directory that contains resource data. A typical path is C:\Windows\Resources.| -|**CSIDL_SYSTEM**|The Windows System folder. A typical path is C:\Windows\System32.| -|**CSIDL_WINDOWS**|The Windows directory or system root. This corresponds to the %**WINDIR**% or %**SYSTEMROOT**% environment variables. A typical path is C:\Windows.| -|**DEFAULTUSERPROFILE**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile]**.| -|**PROFILESFOLDER**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory]**.| +|**CSIDL_COMMON_APPDATA**|The file-system directory that contains application data for all users. A typical path Windows is `C:\ProgramData`.| +|**CSIDL_COMMON_DESKTOPDIRECTORY**|The file-system directory that contains files and folders that appear on the desktop for all users. A typical path is `C:\Users\Public\Desktop`.| +|**CSIDL_COMMON_DOCUMENTS**|The file-system directory that contains documents that are common to all users. A typical path is `C:\Users\Public\Documents`.| +|**CSIDL_COMMON_FAVORITES**|The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.| +|**CSIDL_COMMON_MUSIC**|The file-system directory that serves as a repository for music files common to all users. A typical path is `C:\Users\Public\Music`.| +|**CSIDL_COMMON_PICTURES**|The file-system directory that serves as a repository for image files common to all users. A typical path is `C:\Users\Public\Pictures`.| +|**CSIDL_COMMON_PROGRAMS**|The file-system directory that contains the directories for the common program groups that appear on the **Start** menu for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs`.| +|**CSIDL_COMMON_STARTMENU**|The file-system directory that contains the programs and folders that appear on the **Start** menu for all users. A typical path in Windows is `C:\ProgramData\Microsoft\Windows\Start Menu`.| +|**CSIDL_COMMON_STARTUP**|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup`.| +|**CSIDL_COMMON_TEMPLATES**|The file-system directory that contains the templates that are available to all users. A typical path is `C:\ProgramData\Microsoft\Windows\Templates`.| +|**CSIDL_COMMON_VIDEO**|The file-system directory that serves as a repository for video files common to all users. A typical path is `C:\Users\Public\Videos`.| +|**CSIDL_DEFAULT_APPDATA**|Refers to the Appdata folder inside `%DEFAULTUSERPROFILE%`.| +|C**SIDL_DEFAULT_LOCAL_APPDATA**|Refers to the local Appdata folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_COOKIES**|Refers to the Cookies folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_CONTACTS**|Refers to the Contacts folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_DESKTOP**|Refers to the Desktop folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_DOWNLOADS**|Refers to the Downloads folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_FAVORITES**|Refers to the Favorites folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_HISTORY**|Refers to the History folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_INTERNET_CACHE**|Refers to the Internet Cache folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_PERSONAL**|Refers to the Personal folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_MYDOCUMENTS**|Refers to the My Documents folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_MYPICTURES**|Refers to the My Pictures folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_MYMUSIC**|Refers to the My Music folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_MYVIDEO**|Refers to the My Videos folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_RECENT**|Refers to the Recent folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_SENDTO**|Refers to the Send To folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_STARTMENU**|Refers to the Start Menu folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_PROGRAMS**|Refers to the Programs folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_STARTUP**|Refers to the Startup folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_TEMPLATES**|Refers to the Templates folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_DEFAULT_QUICKLAUNCH**|Refers to the Quick Launch folder inside `%DEFAULTUSERPROFILE%`.| +|**CSIDL_FONTS**|A virtual folder containing fonts. A typical path is `C:\Windows\Fonts`.| +|**CSIDL_PROGRAM_FILESX86**|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files(86)`.| +|**CSIDL_PROGRAM_FILES_COMMONX86**|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files(86)\Common`.| +|**CSIDL_PROGRAM_FILES**|The Program Files folder. A typical path is `C:\Program Files`.| +|**CSIDL_PROGRAM_FILES_COMMON**|A folder for components that are shared across applications. A typical path is `C:\Program Files\Common`.| +|**CSIDL_RESOURCES**|The file-system directory that contains resource data. A typical path is `C:\Windows\Resources`.| +|**CSIDL_SYSTEM**|The Windows System folder. A typical path is `C:\Windows\System32`.| +|**CSIDL_WINDOWS**|The Windows directory or system root path. This value corresponds to the `%WINDIR%` or `%SYSTEMROOT%` environment variables. A typical path is `C:\Windows`.| +|**DEFAULTUSERPROFILE**|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile]`.| +|**PROFILESFOLDER**|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory]`.| |**PROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES**.| -|**PROGRAMFILES(X86)**|Refers to the C:\Program Files (x86) folder on 64-bit systems.| -|**SYSTEM**|Refers to %**WINDIR**%\system32.| -|**SYSTEM16**|Refers to %**WINDIR**%\system.| -|**SYSTEM32**|Refers to %**WINDIR**%\system32.| -|**SYSTEMDRIVE**|The drive that holds the Windows folder. Note that this is a drive name and not a folder name (`C:` not `C:\`).| -|**SYSTEMPROFILE**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath]**.| +|**PROGRAMFILES(X86)**|Refers to the `C:\Program Files (x86)` folder on 64-bit systems.| +|**SYSTEM**|Refers to `%WINDIR%\system32`.| +|**SYSTEM16**|Refers to `%WINDIR%\system`.| +|**SYSTEM32**|Refers to `%WINDIR%\system32`.| +|**SYSTEMDRIVE**|The drive that holds the Windows folder. This value is a drive name and not a folder name (`C:` not `C:\`).| +|**SYSTEMPROFILE**|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath]`.| |**SYSTEMROOT**|Same as **WINDIR**.| |**WINDIR**|Refers to the Windows folder located on the system drive.| -## Variables that are recognized only in the user context +## Variables that are recognized only in the user context You can use these variables in the .xml files within sections with `context=User` and `context=UserAndSystem`. @@ -97,44 +88,44 @@ You can use these variables in the .xml files within sections with `context=User |**APPDATA**|Same as **CSIDL_APPDATA**.| |**CSIDL_ADMINTOOLS**|The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.| |**CSIDL_ALTSTARTUP**|The file-system directory that corresponds to the user's non-localized Startup program group.| -|**CSIDL_APPDATA**|The file-system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\username\Application Data or C:\Users\username\AppData\Roaming.| +|**CSIDL_APPDATA**|The file-system directory that serves as a common repository for application-specific data. A typical path is `C:\Users\\AppData\Roaming`.| |**CSIDL_BITBUCKET**|The virtual folder that contains the objects in the user's Recycle Bin.| -|**CSIDL_CDBURN_AREA**|The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning.| +|**CSIDL_CDBURN_AREA**|The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning`.| |**CSIDL_CONNECTIONS**|The virtual folder representing Network Connections that contains network and dial-up connections.| -|**CSIDL_CONTACTS**|This refers to the Contacts folder in %**CSIDL_PROFILE**%.| +|**CSIDL_CONTACTS**|This value refers to the Contacts folder in %**CSIDL_PROFILE**%.| |**CSIDL_CONTROLS**|The virtual folder that contains icons for the Control Panel items.| -|**CSIDL_COOKIES**|The file-system directory that serves as a common repository for Internet cookies. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies.| +|**CSIDL_COOKIES**|The file-system directory that serves as a common repository for Internet cookies. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Cookies`.| |**CSIDL_DESKTOP**|The virtual folder representing the Windows desktop.| -|**CSIDL_DESKTOPDIRECTORY**|The file-system directory used to physically store file objects on the desktop, which should not be confused with the desktop folder itself. A typical path is C:\Users\username\Desktop.| +|**CSIDL_DESKTOPDIRECTORY**|The file-system directory used to physically store file objects on the desktop, which shouldn't be confused with the desktop folder itself. A typical path is `C:\Users\\Desktop`.| |**CSIDL_DRIVES**|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.| -|**CSIDL_FAVORITES**|The file-system directory that serves as a common repository for the user's favorites. A typical path is C:\Users\Username\Favorites.| +|**CSIDL_FAVORITES**|The file-system directory that serves as a common repository for the user's favorites. A typical path is `C:\Users\\Favorites`.| |**CSIDL_HISTORY**|The file-system directory that serves as a common repository for Internet history items.| |**CSIDL_INTERNET**|A virtual folder for Internet Explorer.| -|**CSIDL_INTERNET_CACHE**|The file-system directory that serves as a common repository for temporary Internet files. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files| -|**CSIDL_LOCAL_APPDATA**|The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is C:\Users\username\AppData\Local.| -|**CSIDL_MYDOCUMENTS**|The virtual folder representing My Documents.A typical path is C:\Users\Username\Documents.| -|**CSIDL_MYMUSIC**|The file-system directory that serves as a common repository for music files. A typical path is C:\Users\Username\Music.| -|**CSIDL_MYPICTURES**|The file-system directory that serves as a common repository for image files. A typical path is C:\Users\Username\Pictures.| -|**CSIDL_MYVIDEO**|The file-system directory that serves as a common repository for video files. A typical path is C:\Users\Username\Videos.| -|**CSIDL_NETHOOD**|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.| +|**CSIDL_INTERNET_CACHE**|The file-system directory that serves as a common repository for temporary Internet files. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files`| +|**CSIDL_LOCAL_APPDATA**|The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is `C:\Users\\AppData\Local`.| +|**CSIDL_MYDOCUMENTS**|The virtual folder representing My Documents.A typical path is `C:\Users\\Documents`.| +|**CSIDL_MYMUSIC**|The file-system directory that serves as a common repository for music files. A typical path is `C:\Users\\Music`.| +|**CSIDL_MYPICTURES**|The file-system directory that serves as a common repository for image files. A typical path is `C:\Users\\Pictures`.| +|**CSIDL_MYVIDEO**|The file-system directory that serves as a common repository for video files. A typical path is `C:\Users\\Videos`.| +|**CSIDL_NETHOOD**|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It isn't the same as **CSIDL_NETWORK**, which represents the network namespace root. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Network Shortcuts`.| |**CSIDL_NETWORK**|A virtual folder representing My Network Places, the root of the network namespace hierarchy.| -|**CSIDL_PERSONAL**|The virtual folder representing the My Documents desktop item. This is equivalent to **CSIDL_MYDOCUMENTS**.
A typical path is C:\Documents and Settings\username\My Documents.| -|**CSIDL_PLAYLISTS**|The virtual folder used to store play albums, typically C:\Users\username\My Music\Playlists.| +|**CSIDL_PERSONAL**|The virtual folder representing the My Documents desktop item. This value is equivalent to **CSIDL_MYDOCUMENTS**. A typical path is `C:\Documents and Settings\\My Documents`.| +|**CSIDL_PLAYLISTS**|The virtual folder used to store play albums, typically `C:\Users\\My Music\Playlists`.| |**CSIDL_PRINTERS**|The virtual folder that contains installed printers.| -|**CSIDL_PRINTHOOD**|The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Printer Shortcuts.| -|**CSIDL_PROFILE**|The user's profile folder. A typical path is C:\Users\Username.| -|**CSIDL_PROGRAMS**|The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.| -|**CSIDL_RECENT**|The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent.| -|**CSIDL_SENDTO**|The file-system directory that contains **Send To** menu items. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\SendTo.| -|**CSIDL_STARTMENU**|The file-system directory that contains **Start** menu items. A typical path in Windows XP is C:\Documents and Settings\username\Start Menu. A typical path in Windows Vista, Windows 7, or Windows 8 is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu.| -|**CSIDL_STARTUP**|The file-system directory that corresponds to the user's Startup program group. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.| -|**CSIDL_TEMPLATES**|The file-system directory that serves as a common repository for document templates. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Templates.| +|**CSIDL_PRINTHOOD**|The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Printer Shortcuts`.| +|**CSIDL_PROFILE**|The user's profile folder. A typical path is `C:\Users\`.| +|**CSIDL_PROGRAMS**|The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs`.| +|**CSIDL_RECENT**|The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Recent`.| +|**CSIDL_SENDTO**|The file-system directory that contains **Send To** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\SendTo`.| +|**CSIDL_STARTMENU**|The file-system directory that contains **Start** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu`.| +|**CSIDL_STARTUP**|The file-system directory that corresponds to the user's Startup program group. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup`.| +|**CSIDL_TEMPLATES**|The file-system directory that serves as a common repository for document templates. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Templates`.| |**HOMEPATH**|Same as the standard environment variable.| -|**TEMP**|The temporary folder on the computer. A typical path is %**USERPROFILE**%\AppData\Local\Temp.| -|**TMP**|The temporary folder on the computer. A typical path is %**USERPROFILE**%\AppData\Local\Temp.| +|**TEMP**|The temporary folder on the computer. A typical path is `%USERPROFILE%\AppData\Local\Temp`.| +|**TMP**|The temporary folder on the computer. A typical path is `%**USERPROFILE**%\AppData\Local\Temp`.| |**USERPROFILE**|Same as **CSIDL_PROFILE**.| -|**USERSID**|Represents the current user-account security identifier (SID). For example,
S-1-5-21-1714567821-1326601894-715345443-1026.| +|**USERSID**|Represents the current user-account security identifier (SID). For example, `S-1-5-21-1714567821-1326601894-715345443-1026`.| -## Related topics +## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index 06c1fbebbb..9c2604adf1 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md @@ -11,24 +11,24 @@ ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Toolkit (USMT) Reference +# User State Migration Toolkit (USMT) reference -## In This Section +## In this section | Link | Description | |--- |--- | -|[USMT Requirements](usmt-requirements.md)|Describes operating system, hardware, and software requirements, and user prerequisites.| -|[USMT Best Practices](usmt-best-practices.md)|Discusses general and security-related best practices when using USMT.| -|[How USMT Works](usmt-how-it-works.md)|Learn about the processes behind the ScanState and LoadState tools.| -|[Plan Your Migration](usmt-plan-your-migration.md)|Choose what to migrate and the best migration scenario for your enterprise.| -|[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)|Explore command-line options for the ScanState, LoadState, and UsmtUtils tools.| -|[USMT XML Reference](usmt-xml-reference.md)|Learn about customizing a migration with XML files.| -|[Offline Migration Reference](offline-migration-reference.md)|Find requirements, best practices, and other considerations for performing a migration offline.| +|[USMT requirements](usmt-requirements.md)|Describes operating system, hardware, and software requirements, and user prerequisites.| +|[USMT best practices](usmt-best-practices.md)|Discusses general and security-related best practices when using USMT.| +|[How USMT works](usmt-how-it-works.md)|Learn about the processes behind the ScanState and LoadState tools.| +|[Plan your migration](usmt-plan-your-migration.md)|Choose what to migrate and the best migration scenario for your enterprise.| +|[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md)|Explore command-line options for the ScanState, LoadState, and UsmtUtils tools.| +|[USMT XML reference](usmt-xml-reference.md)|Learn about customizing a migration with XML files.| +|[Offline Migration reference](offline-migration-reference.md)|Find requirements, best practices, and other considerations for performing a migration offline.| -## Related topics +## Related articles -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) +[User State Migration Tool (USMT) overview topics](usmt-topics.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) +[User State Migration Tool (USMT) how-to topics](usmt-how-to.md) -[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) +[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index 622a516b54..b3af869f87 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -11,92 +11,83 @@ ms.topic: article ms.technology: itpro-deploy --- -# USMT Requirements +# USMT requirements -## In This Topic +## Supported operating systems -- [Supported Operating Systems](#bkmk-1) -- [Windows PE](#windows-pe) -- [Credentials](#credentials) -- [Config.xml](#configxml) -- [LoadState](#loadstate) -- [Hard Disk Requirements](#bkmk-3) -- [User Prerequisites](#bkmk-userprereqs) - -## Supported Operating Systems - -The User State Migration Tool (USMT) 10.0 does not have any explicit RAM or CPU speed requirements for either the source or destination computers. If your computer complies with the system requirements of the operating system, it also complies with the requirements for USMT. You need an intermediate store location large enough to hold all of the migrated data and settings, and the same amount of hard disk space on the destination computer for the migrated files and settings. +The User State Migration Tool (USMT) 10.0 doesn't have any explicit RAM or CPU speed requirements for either the source or destination computers. If your computer complies with the system requirements of the operating system, it also complies with the requirements for USMT. You need an intermediate store location large enough to hold all of the migrated data and settings, and the same amount of hard disk space on the destination computer for the migrated files and settings. The following table lists the operating systems supported in USMT. -|Operating Systems|ScanState (source computer)|LoadState (destination computer)| +|Operating Systems|ScanState (source computer)|LoadState (destination computer)| |--- |--- |--- | -|32-bit versions of Windows 7|✔️|✔️| -|64-bit versions of Windows 7|✔️|✔️| -|32-bit versions of Windows 8|✔️|✔️| -|64-bit versions of Windows 8|✔️|✔️| -|32-bit versions of Windows 10|✔️|✔️| -|64-bit versions of Windows 10|✔️|✔️| +|32-bit versions of Windows 7|✔️|✔️| +|64-bit versions of Windows 7|✔️|✔️| +|32-bit versions of Windows 8|✔️|✔️| +|64-bit versions of Windows 8|✔️|✔️| +|32-bit versions of Windows 10|✔️|✔️| +|64-bit versions of Windows 10|✔️|✔️| > [!NOTE] > You can migrate a 32-bit operating system to a 64-bit operating system. However, you cannot migrate a 64-bit operating system to a 32-bit operating system. -USMT does not support any of the Windows Server® operating systems, Windows 2000, Windows XP, or any of the starter editions for Windows Vista or Windows 7. +## Unsupported scenarios -USMT for Windows 10 should not be used for migrating from Windows 7 to Windows 8.1. It is meant to migrate to Windows 10. -For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](/previous-versions/windows/server/dd560801(v=ws.10)). +- USMT doesn't support any of the Windows Server® operating systems. +- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](/previous-versions/windows/server/dd560801(v=ws.10)). ## Windows PE -- **Must use latest version of Windows PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](/windows-hardware/manufacture/desktop/whats-new-in-windows-pe-s14). +- **Must use latest version of Windows PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](/windows-hardware/manufacture/desktop/whats-new-in-windows-pe-s14). ## Credentials - **Run as administrator** - When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8, or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration. + When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8, or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you don't run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration. To open an elevated command prompt: -1. Click **Start**. +1. Select **Start**. 2. Enter **cmd** in the search function. -3. Depending on the OS you are using, **cmd** or **Command Prompt** is displayed. -3. Right-click **cmd** or **Command Prompt**, and then click **Run as administrator**. -4. If the current user is not already an administrator, you will be prompted to enter administrator credentials. +3. Depending on the OS you're using, **cmd** or **Command Prompt** is displayed. +4. Right-click **cmd** or **Command Prompt**, and then select **Run as administrator**. +5. If the current user isn't already an administrator, you'll be prompted to enter administrator credentials. > [!IMPORTANT] > You must run USMT using an account with full administrative permissions, including the following privileges: - -- SeBackupPrivilege (Back up files and directories) -- SeDebugPrivilege (Debug programs) -- SeRestorePrivilege (Restore files and directories) -- SeSecurityPrivilege (Manage auditing and security log) -- SeTakeOwnership Privilege (Take ownership of files or other objects) +> - SeBackupPrivilege (Back up files and directories) +> - SeDebugPrivilege (Debug programs) +> - SeRestorePrivilege (Restore files and directories) +>- SeSecurityPrivilege (Manage auditing and security log) +> - SeTakeOwnership Privilege (Take ownership of files or other objects) ## Config.xml -- **Specify the /c option and <ErrorControl> settings in the Config.xml file.**
- USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file, which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md). +### Specify the /c option and <ErrorControl> settings in the Config.xml file + +USMT will fail if it can't migrate a file or setting, unless you specify the `/c` option. When you specify the `/c` option, USMT logs an error each time it encounters a file that is in use that didn't migrate, but the migration won't be interrupted. In USMT, you can specify in the `Config.xml` file, which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml file](usmt-configxml-file.md#errorcontrol), [Log files](usmt-log-files.md), and [XML elements library](usmt-xml-elements-library.md). ## LoadState -- **Install applications before running the LoadState command.**
- Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved. +### Install applications before running the LoadState command. -## Hard-Disk Requirements +Install all applications on the destination computer before restoring the user state. Installing applications before running the `LoadState.exe` command ensures that migrated settings are preserved. -Ensure that there is enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). +## Hard-Disk requirements -## User Prerequisites +Ensure that there's enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). -This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following: +## User prerequisites -- The navigation and hierarchy of the Windows registry. -- The files and file types that applications use. -- The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software vendors. -- XML-authoring basics. +This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following concepts: -## Related topics +- The navigation and hierarchy of the Windows registry. +- The files and file types that applications use. +- The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software publishers. +- XML-authoring basics. -[Plan Your Migration](usmt-plan-your-migration.md)
-[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)
-[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+## Related articles + +- [Plan your migration](usmt-plan-your-migration.md) +- [Estimate migration store size](usmt-estimate-migration-store-size.md) +- [User State Migration Tool (USMT) overview topics](usmt-topics.md) diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 8f8267209c..c3c9933bf0 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -25,7 +25,7 @@ The ScanState command is used with the User State Migration Tool (USMT) 10.0 to [Migration Rule Options](#bkmk-migrationruleoptions) -[Monitoring Options](#bkmk-monitoringoptions) +[Monitoring Options](#monitoring-options) [User Options](#bkmk-useroptions) @@ -126,7 +126,7 @@ USMT provides the following options to specify what files you want to migrate. | **/targetwindows7** | Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a Config.xml file by using the /genconfig option.** Using the **/targetwindows7** option optimizes the Config.xml file so that it only contains components that relate to Windows 7.
  • **To create a migration store.** Using the **/targetwindows7** option ensures that the ScanState tool gathers the correct set of operating system settings. Without the **/targetwindows7** command-line option, some settings can be lost during the migration.
| | **/localonly** | Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the **/localonly** option is not specified, then the **ScanState** command will copy files from these removable or network drives into the store.

Anything that is not considered a fixed drive by the OS will be excluded by **/localonly**. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md).

The **/localonly** command-line option includes or excludes data in the migration as identified in the following:
  • **Removable drives such as a USB flash drive** - Excluded
  • **Network drives** - Excluded
  • **Fixed drives** - Included
| -## Monitoring Options +## Monitoring options USMT provides several options that you can use to analyze problems that occur during migration. diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index ed1bc0aacd..d9b9911c21 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-deploy --- -# XML Elements Library +# XML elements library This topic describes the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). It is assumed that you understand the basics of XML. @@ -1753,7 +1753,7 @@ This is an internal USMT element. Do not use this element. This is an internal USMT element. Do not use this element. -## <pattern> +## <pattern> You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each <objectSet> element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: From e68af0b5cc0ef917e4b7b54ac6bbadda20f42a89 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 3 Nov 2022 15:55:11 -0700 Subject: [PATCH 014/108] Windows Holographic, 22H2 policies --- ...es-in-policy-csp-supported-by-hololens2.md | 23 ++++++++++--------- .../mdm/policy-csp-mixedreality.md | 17 ++------------ 2 files changed, 14 insertions(+), 26 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index c78db44623..e0e86a2289 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -52,20 +52,20 @@ ms.date: 08/01/2022 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9 -- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) Insider +- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) 12 - [MixedReality/AllowLaunchUriInSingleAppKiosk](./policy-csp-mixedreality.md#mixedreality-allowlaunchuriinsingleappkiosk)10 - [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9 - [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update) -- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) Insider -- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) Insider +- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) 12 +- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) 12 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9 - [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) 9 - [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#mixedreality-manualdowndirectiondisabled) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update) - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9 -- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) Insider -- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) Insider -- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) Insider +- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) 12 +- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) 12 +- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) 12 - [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) 10 - [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) 9 - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) 9 @@ -105,11 +105,11 @@ ms.date: 08/01/2022 - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) - [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist) 9 - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate) -- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) Insider -- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) Insider -- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) Insider -- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) Insider -- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) Insider +- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) 12 +- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) 12 +- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) 12 +- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) 12 +- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) 12 - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline) - [System/AllowLocation](policy-csp-system.md#system-allowlocation) - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) @@ -154,6 +154,7 @@ Footnotes: - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2) - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1) - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) +- 12 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-22h2) - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider). ## Related topics diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index e308bcc662..f20ac1fca4 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -113,8 +113,7 @@ Steps to use this policy correctly: |HoloLens (first gen) Commercial Suite|No| |HoloLens 2|Yes| -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -341,9 +340,6 @@ Supported value is Integer. -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - You may want to configure a different time server for your device fleet. IT admins can use thi policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters. @@ -394,9 +390,6 @@ value="0"/> -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -609,8 +602,6 @@ The following list shows the supported values: -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. This policy setting specifies whether the Windows NTP Client is enabled. @@ -642,9 +633,6 @@ This policy setting specifies whether the Windows NTP Client is enabled. -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -678,8 +666,7 @@ The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/Skip -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. + [Scope](./policy-configuration-service-provider.md#policy-scope): From 1d844f73bfd4dd035e8e0d84cabcddddf31495b9 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Thu, 3 Nov 2022 19:40:45 -0400 Subject: [PATCH 015/108] Metadata update deployment/usmt 11 --- .../usmt/usmt-common-migration-scenarios.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index f9aedeef22..4f68b4b46e 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -27,31 +27,31 @@ The following diagram shows a PC-refresh migration, also known as a computer ref A company has received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. -1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the `/hardlink /nocompress` command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. +1. On each computer, the administrator boots the machine into WinPE and runs the **ScanState** command-line tool, specifying the `/hardlink /nocompress` command-line options. **ScanState** saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. 2. On each computer, the administrator installs the company's standard operating environment (SOE) which includes Windows 10 and other company applications. -3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer. +3. The administrator runs the **LoadState** command-line tool on each computer. **LoadState** restores each user state back to each computer. ### Scenario Two: PC-refresh using a compressed migration store A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. -1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server. +1. The administrator runs the **ScanState** command-line tool on each computer. **ScanState** saves each user state to a server. 2. On each computer, the administrator installs the company's standard SOE that includes Windows 10 and other company applications. -3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer. +3. The administrator runs the **LoadState** command-line tool on each source computer, and **LoadState** restores each user state back to the computer. ### Scenario Three: PC-refresh using a hard-link migration store A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. -1. The administrator runs the ScanState command-line tool on each computer, specifying the `/hardlink /nocompress` command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. +1. The administrator runs the **ScanState** command-line tool on each computer, specifying the `/hardlink /nocompress` command-line options. **ScanState** saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. 2. On each computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. -3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer. +3. The administrator runs the **LoadState** command-line tool on each computer. **LoadState** restores each user state back on each computer. ### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store @@ -61,7 +61,7 @@ A company has decided to update the operating system on all of its computers to 2. On each computer, the administrator installs the company's SOE that includes company applications. -3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the `/hardlink /nocompress` command-line options. +3. The administrator runs the **ScanState** and **LoadState** command-line tools successively on each computer while specifying the `/hardlink /nocompress` command-line options. ## PC-replacement @@ -73,33 +73,33 @@ The following diagram shows a PC-replacement migration. First, the administrator A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled offline, without a network connection. -1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk. +1. On each source computer, an administrator boots the machine into WinPE and runs **ScanState** to collect the user state to either a server or an external hard disk. 2. On each new computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. -3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers. +3. On each of the new computers, the administrator runs the **LoadState** tool, restoring each user state from the migration store to one of the new computers. ### Scenario Two: Manual network migration -A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. +A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the **ScanState** tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. -1. The administrator runs the ScanState tool on each of the manager's old laptops, and saves each user state to a server. +1. The administrator runs the **ScanState** tool on each of the manager's old laptops, and saves each user state to a server. 2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications. -3. The administrator runs the LoadState tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. +3. The administrator runs the **LoadState** tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. 4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. ### Scenario Three: Managed network migration -A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a sign-in script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store. +A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a sign-in script or a batch file to run **ScanState** on each source computer to collect the user states and save them to a server in a compressed migration store. -1. On each source computer, the administrator runs the ScanState tool using Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), a sign-in script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server. +1. On each source computer, the administrator runs the **ScanState** tool using Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), a sign-in script, a batch file, or a non-Microsoft management technology. **ScanState** collects the user state from each source computer and then saves it to a server. 2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications. -3. On each of the new computers, the administrator runs the LoadState tool using Microsoft Configuration Manager, a sign-in script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers. +3. On each of the new computers, the administrator runs the **LoadState** tool using Microsoft Configuration Manager, a sign-in script, a batch file, or a non-Microsoft management technology. **LoadState** migrates each user state from the migration store to one of the new computers. ## Related articles From f0bab1bb78a5f0e7af81e5309dd512dcceec4003 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Thu, 3 Nov 2022 19:53:26 -0400 Subject: [PATCH 016/108] Metadata update deployment/usmt 13 --- windows/deployment/upgrade/log-files.md | 60 +++++++++---------- .../deployment/usmt/usmt-loadstate-syntax.md | 2 +- windows/deployment/usmt/usmt-log-files.md | 2 +- ...usmt-migrate-efs-files-and-certificates.md | 2 +- windows/deployment/usmt/usmt-requirements.md | 5 +- 5 files changed, 36 insertions(+), 35 deletions(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 07c1cb0fb4..1bfb6c23d8 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -13,20 +13,20 @@ ms.technology: itpro-deploy ms.date: 10/28/2022 --- -# Log files +# Windows upgrade log files **Applies to** -- Windows 10 ->[!NOTE] ->This is a 400 level topic (advanced).
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. +- Windows 10 +> [!NOTE] +> This is a 400 level topic (advanced).
+> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. ->[!NOTE] ->Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. +> [!NOTE] +> Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. The following table describes some log files and how to use them for troubleshooting purposes:
@@ -46,15 +46,15 @@ The following table describes some log files and how to use them for troubleshoo A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements: -1. **The date and time** - 2016-09-08 09:20:05. +1. **The date and time** - 2016-09-08 09:20:05. -2. **The log level** - Info, Warning, Error, Fatal Error. +2. **The log level** - Info, Warning, Error, Fatal Error. -3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS. +3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS. The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors. -4. **The message** - Operation completed successfully. +4. **The message** - Operation completed successfully. See the following example: @@ -62,47 +62,47 @@ See the following example: |------|------------|------------|------------| |2016-09-08 09:23:50,| Warning | MIG | Couldn't replace object C:\Users\name\Cookies. Target Object can't be removed.| - ## Analyze log files The following instructions are meant for IT professionals. Also see the [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json) section in this guide to familiarize yourself with [result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) and [extend codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes). To analyze Windows Setup log files: -1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it isn't successful with the upgrade process. +1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it isn't successful with the upgrade process. -2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate. +2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate. -3. Open the log file in a text editor, such as notepad. +3. Open the log file in a text editor, such as notepad. -4. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below. +4. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below. -5. To find the last occurrence of the result code: +5. To find the last occurrence of the result code: - 1. Scroll to the bottom of the file and select after the last character. - 2. Select **Edit**. - 3. Select **Find**. - 4. Type the result code. - 5. Under **Direction** select **Up**. - 6. Select **Find Next**. + 1. Scroll to the bottom of the file and select after the last character. + 2. Select **Edit**. + 3. Select **Find**. + 4. Type the result code. + 5. Under **Direction** select **Up**. + 6. Select **Find Next**. -6. When you've located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code. +6. When you've located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code. -7. Search for the following important text strings: +7. Search for the following important text strings: - * **Shell application requested abort** - * **Abandoning apply due to error for object** + - `Shell application requested abort` + - `Abandoning apply due to error for object` -8. Decode Win32 errors that appear in this section. +8. Decode Win32 errors that appear in this section. -9. Write down the timestamp for the observed errors in this section. +9. Write down the timestamp for the observed errors in this section. 10. Search other log files for additional information matching these timestamps or errors. For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file: -> [!Note] +> [!NOTE] > Some lines in the text below are shortened to enhance readability. For example +> > - The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds > - The certificate file name, which is a long text string, is shortened to just "CN." diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 64d838d96e..49d925a26d 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -1,4 +1,4 @@ ----This +--- title: LoadState Syntax (Windows 10) description: Learn about the syntax and usage of the command-line options available when you use the LoadState command. ms.reviewer: diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 80d06d0350..9398cfb280 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-deploy --- -# Log files +# USMT log files You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This article describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index bad81e8a92..885356bdf2 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Migrate EFS files and certificates -This article describes how to migrate Encrypting File System (EFS) certificates. For more information about the `/efs` option, see [Encrypted file options](#encrypted-file-options) in [ScanState syntax](usmt-scanstate-syntax.md). +This article describes how to migrate Encrypting File System (EFS) certificates. For more information about the `/efs` option, see [Encrypted file options](usmt-scanstate-syntax.md#encrypted-file-options) in [ScanState syntax](usmt-scanstate-syntax.md). ## To migrate EFS files and certificates diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index b3af869f87..8386c169d6 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -34,7 +34,7 @@ The following table lists the operating systems supported in USMT. ## Unsupported scenarios - USMT doesn't support any of the Windows Server® operating systems. -- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](/previous-versions/windows/server/dd560801(v=ws.10)). +- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User's Guide](/previous-versions/windows/server/dd560801(v=ws.10)). ## Windows PE @@ -55,10 +55,11 @@ To open an elevated command prompt: > [!IMPORTANT] > You must run USMT using an account with full administrative permissions, including the following privileges: +> > - SeBackupPrivilege (Back up files and directories) > - SeDebugPrivilege (Debug programs) > - SeRestorePrivilege (Restore files and directories) ->- SeSecurityPrivilege (Manage auditing and security log) +> - SeSecurityPrivilege (Manage auditing and security log) > - SeTakeOwnership Privilege (Take ownership of files or other objects) ## Config.xml From 9e755b7bca3cc11971fa9eaa614315e30793a80c Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Thu, 3 Nov 2022 19:57:47 -0400 Subject: [PATCH 017/108] Metadata update deployment/usmt 14 --- windows/deployment/upgrade/log-files.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 1bfb6c23d8..2f094a73f8 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -70,7 +70,7 @@ To analyze Windows Setup log files: 1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it isn't successful with the upgrade process. -2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate. +2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a log file to investigate. 3. Open the log file in a text editor, such as notepad. From a6b4b251440e5843b05bc5c41dea26fd84bc3bff Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Thu, 3 Nov 2022 21:55:53 -0400 Subject: [PATCH 018/108] Metadata update deployment/usmt 15 --- windows/deployment/usmt/usmt-requirements.md | 8 +- .../usmt/usmt-reroute-files-and-settings.md | 56 +-- windows/deployment/usmt/usmt-resources.md | 33 +- windows/deployment/usmt/usmt-return-codes.md | 411 ++++++++++-------- 4 files changed, 262 insertions(+), 246 deletions(-) diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index 8386c169d6..6354c269db 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -34,7 +34,7 @@ The following table lists the operating systems supported in USMT. ## Unsupported scenarios - USMT doesn't support any of the Windows Server® operating systems. -- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User's Guide](/previous-versions/windows/server/dd560801(v=ws.10)). +- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) Overview](/previous-versions/windows/hh825227(v=win.10). ## Windows PE @@ -48,7 +48,7 @@ The following table lists the operating systems supported in USMT. To open an elevated command prompt: 1. Select **Start**. -2. Enter **cmd** in the search function. +2. Enter `cmd` in the search function. 3. Depending on the OS you're using, **cmd** or **Command Prompt** is displayed. 4. Right-click **cmd** or **Command Prompt**, and then select **Run as administrator**. 5. If the current user isn't already an administrator, you'll be prompted to enter administrator credentials. @@ -70,11 +70,11 @@ USMT will fail if it can't migrate a file or setting, unless you specify the `/c ## LoadState -### Install applications before running the LoadState command. +### Install applications before running the LoadState command Install all applications on the destination computer before restoring the user state. Installing applications before running the `LoadState.exe` command ensures that migrated settings are preserved. -## Hard-Disk requirements +## Hard-disk requirements Ensure that there's enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index 8be21ac8a0..ba1aa306c6 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -1,6 +1,6 @@ --- title: Reroute Files and Settings (Windows 10) -description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines to reroute files and settings. +description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState command lines to reroute files and settings. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,50 +13,39 @@ ms.technology: itpro-deploy # Reroute Files and Settings +To reroute files and settings, create a custom .xml file and specify the .xml file name on both the `ScanState.exe` and `LoadState.exe` command-lines. Th custom .xml file enables you to keep your changes separate from the default .xml files, so that it's easier to track your modifications. -To reroute files and settings, create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines. This enables you to keep your changes separate from the default .xml files, so that it is easier to track your modifications. +## Reroute a folder -In this topic: - -- [Reroute a Folder](#bkmk-reroutefolder) - -- [Reroute a Specific File Type](#bkmk-reroutespecfiletype) - -- [Reroute a Specific File](#bkmk-reroutespecificfile) - -## Reroute a Folder - - -The following custom .xml file migrates the directories and files from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. +The following custom .xml file migrates the directories and files from `C:\EngineeringDrafts` into the **My Documents** folder of every user. **%CSIDL_PERSONAL%** is the virtual folder representing the **My Documents** desktop item, which is equivalent to **CSIDL_MYDOCUMENTS**. ``` xml Engineering Drafts Documents to Personal Folder -   + C:\EngineeringDrafts\* [*] -     - + + C:\EngineeringDrafts\* [*] -     -   + + ``` -## Reroute a Specific File Type +## Reroute a specific file type - -The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the C:\\Music folder on the destination computer. +The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the `C:\Music` folder on the destination computer. ``` xml @@ -81,10 +70,9 @@ The following custom .xml file reroutes .mp3 files located in the fixed drives o ``` -## Reroute a Specific File +## Reroute a specific file - -The following custom .xml file migrates the Sample.doc file from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. +The following custom .xml file migrates the `Sample.doc` file from `C:\EngineeringDrafts` into the **My Documents** folder of every user. **%CSIDL_PERSONAL%** is the virtual folder representing the **My Documents** desktop item, which is equivalent to **CSIDL_MYDOCUMENTS**. ``` xml @@ -108,20 +96,10 @@ The following custom .xml file migrates the Sample.doc file from C:\\Engineering ``` -## Related topics - - -[Customize USMT XML Files](usmt-customize-xml-files.md) - -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) - -[USMT XML Reference](usmt-xml-reference.md) - -  - -  - - +## Related articles +[Customize USMT XML files](usmt-customize-xml-files.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index 0ad98d6c8b..85ae4c90f8 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -11,33 +11,26 @@ ms.topic: article ms.technology: itpro-deploy --- -# USMT Resources +# USMT resources +## USMT online resources -## USMT Online Resources +- [ADK Release Notes](/windows-hardware/get-started/what-s-new-in-kits-and-tools) +- Microsoft Visual Studio -- [ADK Release Notes](/windows-hardware/get-started/what-s-new-in-kits-and-tools) + - You can use the User State Migration Tool (USMT) XML schema (the `MigXML.xsd` file) to validate the migration .xml files using an XML authoring tool such as Microsoft® Visual Studio®. + + For more information about how to use the schema with your XML authoring environment, see the environment's documentation. -- Microsoft Visual Studio +- [Ask the Directory Services Team blog](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/bg-p/AskDS) - - You can use the User State Migration Tool (USMT) XML schema (the MigXML.xsd file) to validate the migration .xml files using an XML authoring tool such as Microsoft® Visual Studio®. +- Forums: - For more information about how to use the schema with your XML authoring environment, see the environment’s documentation. + - [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386) -- [Ask the Directory Services Team blog](/archive/blogs/askds/) + - [Configuration Manager Operating System Deployment](https://social.technet.microsoft.com/Forums/en-US/home?forum=ConfigMgrCBOSD) -- Forums: +## Related articles - - [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386) - - - [Configuration Manager Operating System Deployment](https://go.microsoft.com/fwlink/p/?LinkId=226388) - -## Related topics - - -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) - -  - -  +[User State Migration Tool (USMT) overview topics](usmt-topics.md) diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 4d2303e981..a3a8bc5f61 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -1,6 +1,6 @@ --- title: Return Codes (Windows 10) -description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps. +description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,265 +11,310 @@ ms.topic: article ms.technology: itpro-deploy --- -# Return Codes +# Return codes -This topic describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this topic provides tips to help you use the logfiles to determine why you received an error. +This topic describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this topic provides tips to help you use the logfiles to determine why you received an error. Understanding the requirements for running USMT can help minimize errors in your USMT migrations. For more information, see [USMT Requirements](usmt-requirements.md). -## In This Topic - -[USMT Return Codes](#bkmk-returncodes) - -[USMT Error Messages](#bkmk-errormessages) - -[Troubleshooting Return Codes and Error Messages](#bkmk-tscodeserrors) - -## USMT Return Codes +## USMT return codes If you encounter an error in your USMT migration, you can use return codes and the more specific information provided in the associated USMT error messages to troubleshoot the issue and to identify mitigation steps. Return codes are grouped into the following broad categories that describe their area of error reporting: -Success or User Cancel +- Success or User Cancel -Invalid Command Lines +- Invalid Command Lines -Setup and Initialization +- Setup and Initialization -Non-fatal Errors +- Non-fatal Errors -Fatal Errors +- Fatal Errors -As a best practice, we recommend that you set verbosity level to 5, **/v**:5, on the **ScanState**, **LoadState**, and **USMTUtils** command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. +As a best practice, we recommend that you set verbosity level to 5, `v:5`, on the `ScanState.exe`, `LoadState.exe`, and `USMTUtils.exe` command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. -## USMT Error Messages +## USMT error messages -Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of "11” (for “USMT\_INVALID\_PARAMETERS") and a related error message that reads "/key and /keyfile both specified". The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received. +Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of **11** (for **USMT_INVALID_PARAMETERS**) and a related error message that reads **/key and /keyfile both specified**. The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received. -You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](/windows/win32/debug/system-error-codes--0-499-). +You can obtain more information about any listed **Windows** system error codes by typing in a command prompt window `net.exe helpmsg ` where ** is the error code number generated by the error message. For more information about System Error Codes, see [System Error Codes (0-499)](/windows/win32/debug/system-error-codes--0-499-). -## Troubleshooting Return Codes and Error Messages +## Troubleshooting return codes and error messages The following information lists each return code by numeric value, along with the associated error messages and suggested troubleshooting actions. -- **0: USMT_SUCCESS** - - **Error message**: Successful run +### **0: USMT_SUCCESS** -- **1: USMT_DISPLAY_HELP** - - **Error message**: Command line help requested +| Error message | Troubleshooting, mitigation, workarounds | + | --- | --- | + | **Successful run** | NA | -- **2: USMT_STATUS_CANCELED** - - **Error message**: - - Gather was aborted because of an EFS file - - User chose to cancel (such as pressing CTRL+C) +### **1: USMT_DISPLAY_HELP** -- **3: USMT_WOULD_HAVE_FAILED** - - **Error message**: At least one error was skipped as a result of /c. - - **Troubleshooting, mitigation, workarounds**: Review ScanState, LoadState, or UsmtUtils log for details about command-line errors. +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Command line help requested** | NA | -- **11: USMT_INVALID_PARAMETERS** +### **2: USMT_STATUS_CANCELED** + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Gather was aborted because of an EFS file** | NA | +| **User chose to cancel (such as pressing CTRL+C)** | NA | + +### **3: USMT_WOULD_HAVE_FAILED** + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **At least one error was skipped as a result of /c.** | Review ScanState, LoadState, or UsmtUtils log for details about command-line errors. | + +### **11: USMT_INVALID_PARAMETERS** + +- **Category**: Invalid Command Lines + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **/all conflicts with /ui, /ue or /uel** | Review ScanState log or LoadState log for details about command-line errors. | +| **/auto expects an optional parameter for the script folder** | Review ScanState log or LoadState log for details about command-line errors. | +| **/encrypt can't be used with /nocompress** | Review ScanState log or LoadState log for details about command-line errors. | +| **/encrypt requires /key or /keyfile** | Review ScanState log or LoadState log for details about command-line errors. | +| **/genconfig can't be used with most other options** | Review ScanState log or LoadState log for details about command-line errors. | +| **/genmigxml can't be used with most other options** | Review ScanState log or LoadState log for details about command-line errors. | +| **/hardlink requires /nocompress** | Review ScanState log or LoadState log for details about command-line errors. | +| **/key and /keyfile both specified** | Review ScanState log or LoadState log for details about command-line errors. | +| **/key or /keyfile used without enabling encryption** | Review ScanState log or LoadState log for details about command-line errors. | +| **/lae is only used with /lac** | Review ScanState log or LoadState log for details about command-line errors. | +| **/listfiles cannot be used with /p** | Review ScanState log or LoadState log for details about command-line errors. | +| **/offline requires a valid path to an XML file describing offline paths** | Review ScanState log or LoadState log for details about command-line errors. | +| **/offlinewindir requires a valid path to offline windows folder** | Review ScanState log or LoadState log for details about command-line errors. | +| **/offlinewinold requires a valid path to offline windows folder** | Review ScanState log or LoadState log for details about command-line errors. | +| **A command was already specified** | Verify that the command-line syntax is correct and that there are no duplicate commands. | +| **An option argument is missing** | Review ScanState log or LoadState log for details about command-line errors. | +| **An option is specified more than once and is ambiguous** | Review ScanState log or LoadState log for details about command-line errors. | +| **By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed.** | Review ScanState log or LoadState log for details about command-line errors. | +| **Command line arguments are required. Specify /? for options.** | Review ScanState log or LoadState log for details about command-line errors. | +| **Command line option is not valid** | Review ScanState log or LoadState log for details about command-line errors. | +| **EFS parameter specified is not valid for /efs** | Review ScanState log or LoadState log for details about command-line errors. | +| **File argument is invalid for /genconfig** | Review ScanState log or LoadState log for details about command-line errors. | +| **File argument is invalid for /genmigxml** | Review ScanState log or LoadState log for details about command-line errors. | +| **Invalid space estimate path. Check the parameters and/or file system permissions** | Review ScanState log or LoadState log for details about command-line errors. | +| **List file path argument is invalid for /listfiles** | Review ScanState log or LoadState log for details about command-line errors. | +| **Retry argument must be an integer** | Review ScanState log or LoadState log for details about command-line errors. | +| **Settings store argument specified is invalid** | Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. | +| **Specified encryption algorithm is not supported** | Review ScanState log or LoadState log for details about command-line errors. | +| **The /efs:hardlink requires /hardlink** | Review ScanState log or LoadState log for details about command-line errors. | +| **The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7** | Review ScanState log or LoadState log for details about command-line errors. | +| **The store parameter is required but not specified** | Review ScanState log or LoadState log for details about command-line errors. | +| **The source-to-target domain mapping is invalid for /md** | Review ScanState log or LoadState log for details about command-line errors. | +| **The source-to-target user account mapping is invalid for /mu** | Review ScanState log or LoadState log for details about command-line errors. | +| **Undefined or incomplete command line option** | Review ScanState log or LoadState log for details about command-line errors. | +| **Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate** | Review ScanState log or LoadState log for details about command-line errors. | +| **User exclusion argument is invalid** | Review ScanState log or LoadState log for details about command-line errors. | +| **Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08)** | Review ScanState log or LoadState log for details about command-line errors. | +| **Volume shadow copy feature is not supported with a hardlink store** | Review ScanState log or LoadState log for details about command-line errors. | +| **Wait delay argument must be an integer** | Review ScanState log or LoadState log for details about command-line errors. | + +### **12: USMT_ERROR_OPTION_PARAM_TOO_LARGE** + +- **Category**: Invalid Command Lines + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Command line arguments cannot exceed 256 characters** | Review ScanState log or LoadState log for details about command-line errors. | +| **Specified settings store path exceeds the maximum allowed length of 256 characters** | Review ScanState log or LoadState log for details about command-line errors. | + +### **13: USMT_INIT_LOGFILE_FAILED** + +- **Category**: Invalid Command Lines + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Log path argument is invalid for /l** | When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct. | + +### **14: USMT_ERROR_USE_LAC** + +- **Category**: Invalid Command Lines + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Unable to create a local account because /lac was not specified** | When creating local accounts, the command-line options /lac and /lae should be used. | + +### **26: USMT_INIT_ERROR** + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Multiple Windows installations found** | Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid. | +| **Software malfunction or unknown exception** | Check all loaded .xml files for errors, common error when using /I to load the Config.xml file. | +| **Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries** | Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping. | + +### **27: USMT_INVALID_STORE_LOCATION** + +- **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | /all conflicts with /ui, /ue or /uel | Review ScanState log or LoadState log for details about command-line errors. | - | /auto expects an optional parameter for the script folder | Review ScanState log or LoadState log for details about command-line errors. | - | /encrypt can't be used with /nocompress | Review ScanState log or LoadState log for details about command-line errors. | - | /encrypt requires /key or /keyfile | Review ScanState log or LoadState log for details about command-line errors. | - | /genconfig can't be used with most other options | Review ScanState log or LoadState log for details about command-line errors. | - | /genmigxml can't be used with most other options | Review ScanState log or LoadState log for details about command-line errors. | - | /hardlink requires /nocompress | Review ScanState log or LoadState log for details about command-line errors. | - | /key and /keyfile both specified | Review ScanState log or LoadState log for details about command-line errors. | - | /key or /keyfile used without enabling encryption | Review ScanState log or LoadState log for details about command-line errors. | - | /lae is only used with /lac | Review ScanState log or LoadState log for details about command-line errors. | - | /listfiles cannot be used with /p | Review ScanState log or LoadState log for details about command-line errors. | - | /offline requires a valid path to an XML file describing offline paths | Review ScanState log or LoadState log for details about command-line errors. | - | /offlinewindir requires a valid path to offline windows folder | Review ScanState log or LoadState log for details about command-line errors. | - | /offlinewinold requires a valid path to offline windows folder | Review ScanState log or LoadState log for details about command-line errors. | - | A command was already specified | Verify that the command-line syntax is correct and that there are no duplicate commands. | - | An option argument is missing | Review ScanState log or LoadState log for details about command-line errors. | - | An option is specified more than once and is ambiguous | Review ScanState log or LoadState log for details about command-line errors. | - | By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed. | Review ScanState log or LoadState log for details about command-line errors. | - | Command line arguments are required. Specify /? for options. | Review ScanState log or LoadState log for details about command-line errors. | - | Command line option is not valid | Review ScanState log or LoadState log for details about command-line errors. | - | EFS parameter specified is not valid for /efs | Review ScanState log or LoadState log for details about command-line errors. | - | File argument is invalid for /genconfig | Review ScanState log or LoadState log for details about command-line errors. | - | File argument is invalid for /genmigxml | Review ScanState log or LoadState log for details about command-line errors. | - | Invalid space estimate path. Check the parameters and/or file system permissions | Review ScanState log or LoadState log for details about command-line errors. | - | List file path argument is invalid for /listfiles | Review ScanState log or LoadState log for details about command-line errors. | - | Retry argument must be an integer | Review ScanState log or LoadState log for details about command-line errors. | - | Settings store argument specified is invalid | Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. | - | Specified encryption algorithm is not supported | Review ScanState log or LoadState log for details about command-line errors. | - | The /efs:hardlink requires /hardlink | Review ScanState log or LoadState log for details about command-line errors. | - | The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7 | Review ScanState log or LoadState log for details about command-line errors. | - | The store parameter is required but not specified | Review ScanState log or LoadState log for details about command-line errors. | - | The source-to-target domain mapping is invalid for /md | Review ScanState log or LoadState log for details about command-line errors. | - | The source-to-target user account mapping is invalid for /mu | Review ScanState log or LoadState log for details about command-line errors. | - | Undefined or incomplete command line option | Review ScanState log or LoadState log for details about command-line errors.

Category: Invalid Command Lines| - | Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate | Review ScanState log or LoadState log for details about command-line errors. | - | User exclusion argument is invalid | Review ScanState log or LoadState log for details about command-line errors. | - | Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08) | Review ScanState log or LoadState log for details about command-line errors. | - | Volume shadow copy feature is not supported with a hardlink store | Review ScanState log or LoadState log for details about command-line errors. | - | Wait delay argument must be an integer | Review ScanState log or LoadState log for details about command-line errors. | + | **A store path can't be used because an existing store exists; specify /o to overwrite** | Specify /o to overwrite an existing intermediate or migration store. | + | **A store path is missing or has incomplete data** | Make sure that the store path is accessible and that the proper permission levels are set. | + | **An error occurred during store creation** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | + | **An inappropriate device such as a floppy disk was specified for the store** | Make sure that the store path is accessible and that the proper permission levels are set. | + | **Invalid store path; check the store parameter and/or file system permissions** | Invalid store path; check the store parameter and/or file system permissions. | + | **The file layout and/or file content is not recognized as a valid store** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | + | **The store path holds a store incompatible with the current USMT version** | Make sure that the store path is accessible and that the proper permission levels are set. | + | **The store save location is read-only or does not support a requested storage option** | Make sure that the store path is accessible and that the proper permission levels are set. | -- **12: USMT_ERROR_OPTION_PARAM_TOO_LARGE** +### **28: USMT_UNABLE_GET_SCRIPTFILES** + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Script file is invalid for /i** | Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file. | +| **Unable to find a script file specified by /i** | Verify the location of your script files, and ensure that the command-line options are correct. | + +### **29: USMT_FAILED_MIGSTARTUP** + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **A minimum of 250 MB of free space is required for temporary files** | Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable `USMT_WORKING_DIR=` to redirect the temporary files working directory. | +| **Another process is preventing migration; only one migration tool can run at a time** | Check the ScanState log file for migration .xml file errors. | +| **Failed to start main processing, look in log for system errors or check the installation** | Check the ScanState log file for migration .xml file errors. | +| **Migration failed because of an XML error; look in the log for specific details** | Check the ScanState log file for migration .xml file errors. | +| **Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table** | Check the ScanState log file for migration .xml file errors. | + +### **31: USMT_UNABLE_FINDMIGUNITS** + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **An error occurred during the discover phase; the log should have more specific information** | Check the ScanState log file for migration .xml file errors. | + + +### **32: USMT_FAILED_SETMIGRATIONTYPE** + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **An error occurred processing the migration system** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | + + +### **33: USMT_UNABLE_READKEY** + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Error accessing the file specified by the /keyfile parameter** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | +| **The encryption key must have at least one character** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | + +### **34: USMT_ERROR_INSUFFICIENT_RIGHTS** + +- **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | Command line arguments cannot exceed 256 characters | Review ScanState log or LoadState log for details about command-line errors.

Category: Invalid Command Lines | - | Specified settings store path exceeds the maximum allowed length of 256 characters | Review ScanState log or LoadState log for details about command-line errors. | + | **Directory removal requires elevated privileges** | Log on as Administrator, and run with elevated privileges. | + | **No rights to create user profiles; log in as Administrator; run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | + | **No rights to read or delete user profiles; log in as Administrator, run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | -- **13: USMT_INIT_LOGFILE_FAILED** - - **Error message**: Log path argument is invalid for /l - - **Troubleshooting, mitigation, workarounds**: When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct. - - **Category**: Invalid Command Lines +### **35: USMT_UNABLE_DELETE_STORE** -- **14: USMT_ERROR_USE_LAC** - - **Error message**: Unable to create a local account because /lac was not specified - - **Troubleshooting, mitigation, workarounds**: When creating local accounts, the command-line options /lac and /lae should be used. - - **Category**: Invalid Command Lines - -- **26: USMT_INIT_ERROR** +- **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | Multiple Windows installations found | Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid.

Category: Setup and Initialization | - | Software malfunction or unknown exception | Check all loaded .xml files for errors, common error when using /I to load the Config.xml file. | - | Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries | Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping. | + | **A reboot is required to remove the store** | Reboot to delete any files that could not be deleted when the command was executed. | + | **A store path can't be used because it contains data that could not be overwritten** | A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use **USMTUtils /rd** command to delete the store. | + | **There was an error removing the store** | Review ScanState log or LoadState log for details about command-line errors. | -- **27: USMT_INVALID_STORE_LOCATION** +### **36: USMT_ERROR_UNSUPPORTED_PLATFORM** + +- **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | A store path can't be used because an existing store exists; specify /o to overwrite | Specify /o to overwrite an existing intermediate or migration store.

Category: Setup and Initialization | - | A store path is missing or has incomplete data | Make sure that the store path is accessible and that the proper permission levels are set. | - | An error occurred during store creation | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | - | An inappropriate device such as a floppy disk was specified for the store | Make sure that the store path is accessible and that the proper permission levels are set. | - | Invalid store path; check the store parameter and/or file system permissions | Invalid store path; check the store parameter and/or file system permissions. | - | The file layout and/or file content is not recognized as a valid store | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | - | The store path holds a store incompatible with the current USMT version | Make sure that the store path is accessible and that the proper permission levels are set. | - | The store save location is read-only or does not support a requested storage option | Make sure that the store path is accessible and that the proper permission levels are set. | + | **Compliance check failure; please check the logs for details** | Investigate whether there is an active temporary profile on the system. | + | **Use of /offline is not supported during apply** | The **/offline** command was not used while running in the Windows Preinstallation Environment (WinPE). | + | **Use /offline to run gather on this platform** | The **/offline** command was not used while running in WinPE. | -- **28: USMT_UNABLE_GET_SCRIPTFILES** - - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Script file is invalid for /i | Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file.

Category: Setup and Initialization | - | Unable to find a script file specified by /i | Verify the location of your script files, and ensure that the command-line options are correct. | - -- **29: USMT_FAILED_MIGSTARTUP** - - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | A minimum of 250 MB of free space is required for temporary files | Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable `USMT_WORKING_DIR=` to redirect the temporary files working directory.

Category: Setup and Initialization | - | Another process is preventing migration; only one migration tool can run at a time | Check the ScanState log file for migration .xml file errors. | - | Failed to start main processing, look in log for system errors or check the installation | Check the ScanState log file for migration .xml file errors. | - | Migration failed because of an XML error; look in the log for specific details | Check the ScanState log file for migration .xml file errors. | - | Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table | Check the ScanState log file for migration .xml file errors. | - -- **31: USMT_UNABLE_FINDMIGUNITS** - - - **Error message**: An error occurred during the discover phase; the log should have more specific information - - **Troubleshooting, mitigation, workarounds**: Check the ScanState log file for migration .xml file errors. - - **Category**: Setup and Initialization - -- **32: USMT_FAILED_SETMIGRATIONTYPE** - - **Error message**: An error occurred processing the migration system - - **Troubleshooting, mitigation, workarounds**: Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. - - **Category**: Setup and Initialization - -- **33: USMT_UNABLE_READKEY** - - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Error accessing the file specified by the /keyfile parameter | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.

Category: Setup and Initialization | - | The encryption key must have at least one character | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | - -- **34: USMT_ERROR_INSUFFICIENT_RIGHTS** - - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Directory removal requires elevated privileges | Log on as Administrator, and run with elevated privileges.

Category: Setup and Initialization | - | No rights to create user profiles; log in as Administrator; run with elevated privileges | Log on as Administrator, and run with elevated privileges. | - | No rights to read or delete user profiles; log in as Administrator, run with elevated privileges | Log on as Administrator, and run with elevated privileges. | - -- **35: USMT_UNABLE_DELETE_STORE** - - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | A reboot is required to remove the store | Reboot to delete any files that could not be deleted when the command was executed.

Category: Setup and Initialization | - | A store path can't be used because it contains data that could not be overwritten | A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use **USMTUtils /rd** command to delete the store. | - | There was an error removing the store | Review ScanState log or LoadState log for details about command-line errors. | - -- **36: USMT_ERROR_UNSUPPORTED_PLATFORM** - - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Compliance check failure; please check the logs for details | Investigate whether there is an active temporary profile on the system.

Category: Setup and Initialization | - | Use of /offline is not supported during apply | The **/offline** command was not used while running in the Windows Preinstallation Environment (WinPE). | - | Use /offline to run gather on this platform | The **/offline** command was not used while running in WinPE. | - -- **37: USMT_ERROR_NO_INVALID_KEY** +### **37: USMT_ERROR_NO_INVALID_KEY** - **Error message**: The store holds encrypted data but the correct encryption key was not provided - **Troubleshooting, mitigation, workarounds**: Verify that you have included the correct encryption /key or /keyfile. - **Category**: Setup and Initialization -- **38: USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE** +### **38: USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE** - **Error message**: An error occurred during store access - **Troubleshooting, mitigation, workarounds**: Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. - **Category**: Setup and Initialization -- **39: USMT_UNABLE_TO_READ_CONFIG_FILE** +### **39: USMT_UNABLE_TO_READ_CONFIG_FILE** + +- **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | Error reading Config.xml | Review ScanState log or LoadState log for details about command-line errors in the Config.xml file.

Category: Setup and Initialization | - | File argument is invalid for /config | Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line. | + | **Error reading Config.xml** | Review ScanState log or LoadState log for details about command-line errors in the Config.xml file. | + | **File argument is invalid for /config** | Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line. | -- **40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG** +### **40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG** + +- **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | Error writing to the progress log | The Progress log could not be created. Verify that the location is valid and that you have write access.

Category: Setup and Initialization | - | Progress log argument is invalid for /progress | The Progress log could not be created. Verify that the location is valid and that you have write access. | + | **Error writing to the progress log** | The Progress log could not be created. Verify that the location is valid and that you have write access. | + | **Progress log argument is invalid for /progress** | The Progress log could not be created. Verify that the location is valid and that you have write access. | -- **41: USMT_PREFLIGHT_FILE_CREATION_FAILED** +### **41: USMT_PREFLIGHT_FILE_CREATION_FAILED** + +- **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | Can't overwrite existing file | The Progress log could not be created. Verify that the location is valid and that you have write access.

Category: Setup and Initialization | - | Invalid space estimate path. Check the parameters and/or file system permissions | Review ScanState log or LoadState log for details about command-line errors. | + | **Can't overwrite existing file** | The Progress log could not be created. Verify that the location is valid and that you have write access. | + | **Invalid space estimate path. Check the parameters and/or file system permissions** | Review ScanState log or LoadState log for details about command-line errors. | -- **42: USMT_ERROR_CORRUPTED_STORE** +### **42: USMT_ERROR_CORRUPTED_STORE** - **Error message**: The store contains one or more corrupted files - **Troubleshooting, mitigation, workarounds**: Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). -- **61: USMT_MIGRATION_STOPPED_NONFATAL** +### **61: USMT_MIGRATION_STOPPED_NONFATAL** - **Error message**: Processing stopped due to an I/O error - **Troubleshooting, mitigation, workarounds**: USMT exited but can continue with the /c command-line option, with the optional configurable <ErrorControl> section or by using the /vsc command-line option. - **Category**: Non-fatal Errors -- **71: USMT_INIT_OPERATING_ENVIRONMENT_FAILED** +### **71: USMT_INIT_OPERATING_ENVIRONMENT_FAILED** + +- **Category**: Fatal Errors | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | A Windows Win32 API error occurred | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.

Category: Fatal Errors | - | An error occurred when attempting to initialize the diagnostic mechanisms such as the log | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | - | Failed to record diagnostic information | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | - | Unable to start. Make sure you are running USMT with elevated privileges | Exit USMT and log in again with elevated privileges. | + | **A Windows Win32 API error occurred** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | + | **An error occurred when attempting to initialize the diagnostic mechanisms such as the log** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | + | **Failed to record diagnostic information** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | + | **Unable to start. Make sure you are running USMT with elevated privileges** | Exit USMT and log in again with elevated privileges. | -- **72: USMT_UNABLE_DOMIGRATION** +### **72: USMT_UNABLE_DOMIGRATION** + +- **Category**: Fatal Errors | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | An error occurred closing the store | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.

Category: Fatal Errors| - | An error occurred in the apply process | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | An error occurred in the gather process | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | Out of disk space while writing the store | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | Out of temporary disk space on the local system | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | + | **An error occurred closing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | + | **An error occurred in the apply process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | + | **An error occurred in the gather process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | + | **Out of disk space while writing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | + | **Out of temporary disk space on the local system** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | ## Related topics -[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) +[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) -[Log Files](usmt-log-files.md) +[USMT log files](usmt-log-files.md) From e3572a44d15ec7d3bcaacd33488163921d6b167c Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Thu, 3 Nov 2022 22:21:59 -0400 Subject: [PATCH 019/108] Metadata update deployment/usmt 16 --- windows/deployment/usmt/usmt-return-codes.md | 207 ++++++++++--------- 1 file changed, 115 insertions(+), 92 deletions(-) diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index a3a8bc5f61..7c9fe4f205 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -45,32 +45,40 @@ You can obtain more information about any listed **Windows** system error codes The following information lists each return code by numeric value, along with the associated error messages and suggested troubleshooting actions. -### **0: USMT_SUCCESS** +### 0: USMT_SUCCESS + +- **Category**: Success or User Cancel | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | | **Successful run** | NA | -### **1: USMT_DISPLAY_HELP** +### 1: USMT_DISPLAY_HELP + +- **Category**: Success or User Cancel | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | | **Command line help requested** | NA | -### **2: USMT_STATUS_CANCELED** +### 2: USMT_STATUS_CANCELED + +- **Category**: Success or User Cancel | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | | **Gather was aborted because of an EFS file** | NA | | **User chose to cancel (such as pressing CTRL+C)** | NA | -### **3: USMT_WOULD_HAVE_FAILED** +### 3: USMT_WOULD_HAVE_FAILED + +- **Category**: | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | | **At least one error was skipped as a result of /c.** | Review ScanState, LoadState, or UsmtUtils log for details about command-line errors. | -### **11: USMT_INVALID_PARAMETERS** +### 11: USMT_INVALID_PARAMETERS - **Category**: Invalid Command Lines @@ -116,7 +124,7 @@ The following information lists each return code by numeric value, along with th | **Volume shadow copy feature is not supported with a hardlink store** | Review ScanState log or LoadState log for details about command-line errors. | | **Wait delay argument must be an integer** | Review ScanState log or LoadState log for details about command-line errors. | -### **12: USMT_ERROR_OPTION_PARAM_TOO_LARGE** +### 12: USMT_ERROR_OPTION_PARAM_TOO_LARGE - **Category**: Invalid Command Lines @@ -125,7 +133,7 @@ The following information lists each return code by numeric value, along with th | **Command line arguments cannot exceed 256 characters** | Review ScanState log or LoadState log for details about command-line errors. | | **Specified settings store path exceeds the maximum allowed length of 256 characters** | Review ScanState log or LoadState log for details about command-line errors. | -### **13: USMT_INIT_LOGFILE_FAILED** +### 13: USMT_INIT_LOGFILE_FAILED - **Category**: Invalid Command Lines @@ -133,7 +141,7 @@ The following information lists each return code by numeric value, along with th | --- | --- | | **Log path argument is invalid for /l** | When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct. | -### **14: USMT_ERROR_USE_LAC** +### 14: USMT_ERROR_USE_LAC - **Category**: Invalid Command Lines @@ -141,7 +149,7 @@ The following information lists each return code by numeric value, along with th | --- | --- | | **Unable to create a local account because /lac was not specified** | When creating local accounts, the command-line options /lac and /lae should be used. | -### **26: USMT_INIT_ERROR** +### 26: USMT_INIT_ERROR - **Category**: Setup and Initialization @@ -151,22 +159,22 @@ The following information lists each return code by numeric value, along with th | **Software malfunction or unknown exception** | Check all loaded .xml files for errors, common error when using /I to load the Config.xml file. | | **Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries** | Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping. | -### **27: USMT_INVALID_STORE_LOCATION** +### 27: USMT_INVALID_STORE_LOCATION - **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **A store path can't be used because an existing store exists; specify /o to overwrite** | Specify /o to overwrite an existing intermediate or migration store. | - | **A store path is missing or has incomplete data** | Make sure that the store path is accessible and that the proper permission levels are set. | - | **An error occurred during store creation** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | - | **An inappropriate device such as a floppy disk was specified for the store** | Make sure that the store path is accessible and that the proper permission levels are set. | - | **Invalid store path; check the store parameter and/or file system permissions** | Invalid store path; check the store parameter and/or file system permissions. | - | **The file layout and/or file content is not recognized as a valid store** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | - | **The store path holds a store incompatible with the current USMT version** | Make sure that the store path is accessible and that the proper permission levels are set. | - | **The store save location is read-only or does not support a requested storage option** | Make sure that the store path is accessible and that the proper permission levels are set. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **A store path can't be used because an existing store exists; specify /o to overwrite** | Specify /o to overwrite an existing intermediate or migration store. | +| **A store path is missing or has incomplete data** | Make sure that the store path is accessible and that the proper permission levels are set. | +| **An error occurred during store creation** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | +| **An inappropriate device such as a floppy disk was specified for the store** | Make sure that the store path is accessible and that the proper permission levels are set. | +| **Invalid store path; check the store parameter and/or file system permissions** | Invalid store path; check the store parameter and/or file system permissions. | +| **The file layout and/or file content is not recognized as a valid store** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | +| **The store path holds a store incompatible with the current USMT version** | Make sure that the store path is accessible and that the proper permission levels are set. | +| **The store save location is read-only or does not support a requested storage option** | Make sure that the store path is accessible and that the proper permission levels are set. | -### **28: USMT_UNABLE_GET_SCRIPTFILES** +### 28: USMT_UNABLE_GET_SCRIPTFILES - **Category**: Setup and Initialization @@ -175,7 +183,7 @@ The following information lists each return code by numeric value, along with th | **Script file is invalid for /i** | Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file. | | **Unable to find a script file specified by /i** | Verify the location of your script files, and ensure that the command-line options are correct. | -### **29: USMT_FAILED_MIGSTARTUP** +### 29: USMT_FAILED_MIGSTARTUP - **Category**: Setup and Initialization @@ -187,7 +195,7 @@ The following information lists each return code by numeric value, along with th | **Migration failed because of an XML error; look in the log for specific details** | Check the ScanState log file for migration .xml file errors. | | **Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table** | Check the ScanState log file for migration .xml file errors. | -### **31: USMT_UNABLE_FINDMIGUNITS** +### 31: USMT_UNABLE_FINDMIGUNITS - **Category**: Setup and Initialization @@ -196,7 +204,7 @@ The following information lists each return code by numeric value, along with th | **An error occurred during the discover phase; the log should have more specific information** | Check the ScanState log file for migration .xml file errors. | -### **32: USMT_FAILED_SETMIGRATIONTYPE** +### 32: USMT_FAILED_SETMIGRATIONTYPE - **Category**: Setup and Initialization @@ -205,7 +213,7 @@ The following information lists each return code by numeric value, along with th | **An error occurred processing the migration system** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | -### **33: USMT_UNABLE_READKEY** +### 33: USMT_UNABLE_READKEY - **Category**: Setup and Initialization @@ -214,104 +222,119 @@ The following information lists each return code by numeric value, along with th | **Error accessing the file specified by the /keyfile parameter** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | | **The encryption key must have at least one character** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | -### **34: USMT_ERROR_INSUFFICIENT_RIGHTS** +### 34: USMT_ERROR_INSUFFICIENT_RIGHTS - **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **Directory removal requires elevated privileges** | Log on as Administrator, and run with elevated privileges. | - | **No rights to create user profiles; log in as Administrator; run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | - | **No rights to read or delete user profiles; log in as Administrator, run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Directory removal requires elevated privileges** | Log on as Administrator, and run with elevated privileges. | +| **No rights to create user profiles; log in as Administrator; run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | +| **No rights to read or delete user profiles; log in as Administrator, run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | -### **35: USMT_UNABLE_DELETE_STORE** +### 35: USMT_UNABLE_DELETE_STORE - **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **A reboot is required to remove the store** | Reboot to delete any files that could not be deleted when the command was executed. | - | **A store path can't be used because it contains data that could not be overwritten** | A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use **USMTUtils /rd** command to delete the store. | - | **There was an error removing the store** | Review ScanState log or LoadState log for details about command-line errors. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **A reboot is required to remove the store** | Reboot to delete any files that could not be deleted when the command was executed. | +| **A store path can't be used because it contains data that could not be overwritten** | A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use **USMTUtils /rd** command to delete the store. | +| **There was an error removing the store** | Review ScanState log or LoadState log for details about command-line errors. | -### **36: USMT_ERROR_UNSUPPORTED_PLATFORM** +### 36: USMT_ERROR_UNSUPPORTED_PLATFORM - **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **Compliance check failure; please check the logs for details** | Investigate whether there is an active temporary profile on the system. | - | **Use of /offline is not supported during apply** | The **/offline** command was not used while running in the Windows Preinstallation Environment (WinPE). | - | **Use /offline to run gather on this platform** | The **/offline** command was not used while running in WinPE. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Compliance check failure; please check the logs for details** | Investigate whether there is an active temporary profile on the system. | +| **Use of /offline is not supported during apply** | The **/offline** command was not used while running in the Windows Preinstallation Environment (WinPE). | +| **Use /offline to run gather on this platform** | The **/offline** command was not used while running in WinPE. | -### **37: USMT_ERROR_NO_INVALID_KEY** - - **Error message**: The store holds encrypted data but the correct encryption key was not provided - - **Troubleshooting, mitigation, workarounds**: Verify that you have included the correct encryption /key or /keyfile. - - **Category**: Setup and Initialization - -### **38: USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE** - - **Error message**: An error occurred during store access - - **Troubleshooting, mitigation, workarounds**: Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. - - **Category**: Setup and Initialization - -### **39: USMT_UNABLE_TO_READ_CONFIG_FILE** +### 37: USMT_ERROR_NO_INVALID_KEY - **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **Error reading Config.xml** | Review ScanState log or LoadState log for details about command-line errors in the Config.xml file. | - | **File argument is invalid for /config** | Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line. | - -### **40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG** +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **The store holds encrypted data but the correct encryption key was not provided** | Verify that you have included the correct encryption /key or /keyfile. | - **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **Error writing to the progress log** | The Progress log could not be created. Verify that the location is valid and that you have write access. | - | **Progress log argument is invalid for /progress** | The Progress log could not be created. Verify that the location is valid and that you have write access. | - -### **41: USMT_PREFLIGHT_FILE_CREATION_FAILED** +### 38: USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE - **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **Can't overwrite existing file** | The Progress log could not be created. Verify that the location is valid and that you have write access. | - | **Invalid space estimate path. Check the parameters and/or file system permissions** | Review ScanState log or LoadState log for details about command-line errors. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **An error occurred during store access** | Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. | -### **42: USMT_ERROR_CORRUPTED_STORE** - - **Error message**: The store contains one or more corrupted files - - **Troubleshooting, mitigation, workarounds**: Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). +### 39: USMT_UNABLE_TO_READ_CONFIG_FILE -### **61: USMT_MIGRATION_STOPPED_NONFATAL** - - **Error message**: Processing stopped due to an I/O error - - **Troubleshooting, mitigation, workarounds**: USMT exited but can continue with the /c command-line option, with the optional configurable <ErrorControl> section or by using the /vsc command-line option. - - **Category**: Non-fatal Errors +- **Category**: Setup and Initialization -### **71: USMT_INIT_OPERATING_ENVIRONMENT_FAILED** +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Error reading Config.xml** | Review ScanState log or LoadState log for details about command-line errors in the Config.xml file. | +| **File argument is invalid for /config** | Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line. | + +### 40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Error writing to the progress log** | The Progress log could not be created. Verify that the location is valid and that you have write access. | +| **Progress log argument is invalid for /progress** | The Progress log could not be created. Verify that the location is valid and that you have write access. | + +### 41: USMT_PREFLIGHT_FILE_CREATION_FAILED + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Can't overwrite existing file** | The Progress log could not be created. Verify that the location is valid and that you have write access. | +| **Invalid space estimate path. Check the parameters and/or file system permissions** | Review ScanState log or LoadState log for details about command-line errors. | + +### 42: USMT_ERROR_CORRUPTED_STORE + +- **Category**: + +| Error message | The store contains one or more corrupted files | +| --- | --- | +| **The store holds encrypted data but the correct encryption key was not provided** | Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). | + +### 61: USMT_MIGRATION_STOPPED_NONFATAL + +- **Category**: Non-fatal Errors + +| Error message | The store contains one or more corrupted files | +| --- | --- | +| **Processing stopped due to an I/O error** | USMT exited but can continue with the `/c` command-line option, with the optional configurable **<ErrorControl>** section or by using the `/vsc` command-line option. | + +### 71: USMT_INIT_OPERATING_ENVIRONMENT_FAILED - **Category**: Fatal Errors - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **A Windows Win32 API error occurred** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | - | **An error occurred when attempting to initialize the diagnostic mechanisms such as the log** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | - | **Failed to record diagnostic information** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | - | **Unable to start. Make sure you are running USMT with elevated privileges** | Exit USMT and log in again with elevated privileges. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **A Windows Win32 API error occurred** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | +| **An error occurred when attempting to initialize the diagnostic mechanisms such as the log** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | +| **Failed to record diagnostic information** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | +| **Unable to start. Make sure you are running USMT with elevated privileges** | Exit USMT and log in again with elevated privileges. | -### **72: USMT_UNABLE_DOMIGRATION** +### 72: USMT_UNABLE_DOMIGRATION - **Category**: Fatal Errors - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | **An error occurred closing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | **An error occurred in the apply process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | **An error occurred in the gather process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | **Out of disk space while writing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | **Out of temporary disk space on the local system** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **An error occurred closing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | +| **An error occurred in the apply process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | +| **An error occurred in the gather process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | +| **Out of disk space while writing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | +| **Out of temporary disk space on the local system** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | ## Related topics From d90dd9e71df00cf9186e69465acd8154f053f196 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Fri, 4 Nov 2022 15:11:10 -0400 Subject: [PATCH 020/108] Metadata update deployment/usmt 17 --- .../usmt/understanding-migration-xml-files.md | 5 +- windows/deployment/usmt/usmt-common-issues.md | 2 +- .../deployment/usmt/usmt-loadstate-syntax.md | 44 ++-- windows/deployment/usmt/usmt-requirements.md | 2 +- windows/deployment/usmt/usmt-return-codes.md | 66 +++-- .../deployment/usmt/usmt-scanstate-syntax.md | 226 ++++++++---------- .../usmt/usmt-technical-reference.md | 49 ++-- .../usmt/usmt-test-your-migration.md | 32 +-- windows/deployment/usmt/usmt-topics.md | 26 +- .../deployment/usmt/usmt-troubleshooting.md | 18 +- windows/deployment/usmt/usmt-utilities.md | 95 ++++---- .../usmt/usmt-what-does-usmt-migrate.md | 173 +++++++------- 12 files changed, 362 insertions(+), 376 deletions(-) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 62d1b5eda8..8009dadee8 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -131,7 +131,10 @@ The default `MigUser.xml` file migrates the following data: - Files with the following extensions: - `.qdf`, `.qsd`, `.qel`, `.qph`, `.doc*`, `.dot*`, `.rtf`, `.mcw`, `.wps`, `.scd`, `.wri`, `.wpd`, `.xl*`, `.csv`, `.iqy`, `.dqy`, `.oqy`, `.rqy`, `.wk*`, `.wq1`, `.slk`, `.dif`, `.ppt*`, `.pps*`, `.pot*`, `.sh3`, `.ch3`, `.pre`, `.ppa`, `.txt`, `.pst`, `.one*`, `.vl*`, `.vsd`, `.mpp`, `.or6`, `.accdb`, `.mdb`, `.pub` + `.accdb`, `.ch3`, `.csv`, `.dif`, `.doc*`, `.dot*`, `.dqy`, `.iqy`, `.mcw`, `.mdb*`, `.mpp`, `.one*`, `.oqy`, `.or6`, `.pot*`, `.ppa`, `.pps*`, `.ppt*`, `.pre`, `.pst`, `.pub`, `.qdf`, `.qel`, `.qph`, `.qsd`, `.rqy`, `.rtf`, `.scd`, `.sh3`, `.slk`, `.txt`, `.vl*`, `.vsd`, `.wk*`, `.wpd`, `.wps`, `.wq1`, `.wri`, `.xl*`, `.xla`, `.xlb`, `.xls*` + + > [!NOTE] + > The asterisk (`*`) stands for zero or more characters. The default `MigUser.xml` file doesn't migrate the following data: diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 31de16f3e7..d60fb2c91a 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -19,7 +19,7 @@ The following sections discuss common issues that you might see when you run the When you encounter a problem or error message during migration, you can use the following general guidelines to help determine the source of the problem: -- Examine the **ScanState**, **LoadState**, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return codes](usmt-return-codes.md). For more information about Windows API error messages, type **nethelpmsg** on the command line. +- Examine the **ScanState**, **LoadState**, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return codes](usmt-return-codes.md). You can obtain more information about any listed **Windows** system error codes by typing in a command prompt window `net.exe helpmsg ` where ** is the error code number generated by the error message. For more information about System Error Codes, see [System Error Codes (0-499)](/windows/win32/debug/system-error-codes--0-499-). In most cases, the **ScanState** and **LoadState** logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 49d925a26d..435484b0c8 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -13,17 +13,17 @@ ms.technology: itpro-deploy # LoadState syntax -This article discusses the `LoadState.exe` command syntax and options available with it. +The `LoadState.exe` command is used with the User State Migration Tool (USMT) 10.0 to restore a store previously captured by the `ScanState.exe` command onto a destination computer. This article discusses the `LoadState.exe` command syntax and the options available with it. ## Before you begin Before you run the `LoadState.exe` command, note the following items: -- To ensure that all operating system settings migrate, we recommend that you run the `LoadState.exe` commands in administrator mode from an account with administrative credentials. +- To ensure that all operating system settings migrate, we recommend that you run the `LoadState.exe` commands in administrator mode from an account with administrative credentials. -- For information about software requirements for running the `LoadState.exe` command, see [USMT requirements](usmt-requirements.md). +- For information about software requirements for running the `LoadState.exe` command, see [USMT requirements](usmt-requirements.md). -- You should sign out after you run the `LoadState.exe` command. Some settings (for example, fonts, wallpaper, and screensaver settings) won't take effect until the next time the user logs in. +- You should sign out after you run the `LoadState.exe` command. Some settings (for example, fonts, wallpaper, and screensaver settings) won't take effect until the next time the user logs in. - Unless otherwise specified, you can use each option only once when running a tool on the command line. @@ -33,11 +33,15 @@ Before you run the `LoadState.exe` command, note the following items: ## Syntax -This section explains the syntax and usage of the command-line options available when you use the `LoadState.exe` command. The options can be specified in any order. If the option contains a parameter, you can specify either a colon or space separator. +This section explains the syntax and usage of the command-line options available when you use the `LoadState.exe` command. The options can be specified in any order. If the option contains a parameter, you can specify either a colon or space separator. -The `LoadState.exe` command's syntax is: +The `LoadState.exe` command's syntax is: -`loadstate.exe` *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] + + +> loadstate.exe *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] For example, to decrypt the store and migrate the files and settings to a computer, type the following command: @@ -49,8 +53,8 @@ USMT provides the following options that you can use to specify how and where th | Command-Line Option | Description | |--- |--- | -| **StorePath** | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the `LoadState.exe` command. You can't specify more than one *StorePath*. | -| **/decrypt /key**:*KeyString*
or
**/decrypt /key**:"*Key String*"
or
**/decrypt /keyfile**:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you'll need to specify the encryption key in one of the following ways:
  • `/key:`*KeyString* specifies the encryption key. If there's a space in *KeyString*, you must surround the argument with quotation marks.
  • `/keyfile:`*FilePathAndName* specifies a text (.txt) file that contains the encryption key

*KeyString* can't exceed 256 characters.
The `/key` and `/keyfile` options can't be used on the same command line.
The `/decrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `LoadState.exe` command with these options will also have access to the encryption key.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey` | +| **StorePath** | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the `LoadState.exe` command. You can't specify more than one *StorePath*. | +| **/decrypt /key**:*KeyString*
or
**/decrypt /key**:"*Key String*"
or
**/decrypt /keyfile**:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you'll need to specify the encryption key in one of the following ways:
  • `/key`:*KeyString* specifies the encryption key. If there's a space in *KeyString*, you must surround the argument with quotation marks (`"`).
  • `/keyfile`:*FilePathAndName* specifies a text (`.txt`) file that contains the encryption key

*KeyString* can't exceed 256 characters.
The `/key` and `/keyfile` options can't be used on the same command line.
The `/decrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `LoadState.exe` command with these options will also have access to the encryption key.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey` | | **/decrypt**:*"encryption strength"* | The `/decrypt` option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | | **/hardlink** | Enables user-state data to be restored from a hard-link migration store. The `/nocompress` parameter must be specified with `/hardlink` option. | | **/nocompress** | Specifies that the store isn't compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option can't be used with the `/decrypt` option.
For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress` | @@ -61,8 +65,8 @@ USMT provides the following options to specify what files you want to migrate. | Command-Line Option | Description | |--- |--- | -| **/i**:[*Path*]*FileName* | **(include)**
Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigSys.xml, MigDocs.xml and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) article. | -| **/config**:[*Path*]*FileName* | Specifies the `Config.xml` file that the `LoadState.exe` command should use. You can't specify this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the *FileName* must be located in the current directory.

This example migrates the files and settings based on the rules in the Config.xml, MigDocs.xml, and MigApp.xml files:

`loadstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log` | +| **/i**:[*Path*]*FileName* | **(include)**
Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (`MigApp.xml`, `MigSys.xml`, `MigDocs.xml` and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) article. | +| **/config**:[*Path*]*FileName* | Specifies the `Config.xml` file that the `LoadState.exe` command should use. You can't specify this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the *FileName* must be located in the current directory.

This example migrates the files and settings based on the rules in the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:

`loadstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log` | | **/auto**:*"path to script files"* | This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i:MigDocs.xml` `/i:MigApp.xml /v:5`. | ## Monitoring options @@ -71,27 +75,27 @@ USMT provides several command-line options that you can use to analyze problems | Command-Line Option | Description | |--- |--- | -| **/l**:[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can specify the `/v` option to adjust the verbosity of the log.

If you run the `LoadState.exe` command from a shared network resource, you must specify this option, or USMT will fail with the error:

***USMT was unable to create the log file(s)***

To fix this issue, make sure to specify the `/l` option when running `LoadState.exe` from a shared network resource. | +| **/l**:[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can specify the `/v` option to adjust the verbosity of the log.

If you run the `LoadState.exe` command from a shared network resource, you must specify the `l` option, or USMT will fail with the error:

***USMT was unable to create the log file(s)***

To fix this issue, make sure to specify the `/l` option when running `LoadState.exe` from a shared network resource. | | **/v**:*``* | **(Verbosity)**

Enables verbose output in the **LoadState** log file. The default value is 0.
You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`loadstate.exe \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml` | | **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:loadlog.log` | -| **/c** | When this option is specified, the `LoadState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit on the computer, the `LoadState.exe` command will log an error and continue with the migration. Without the **/c** option, the `LoadState.exe` command will exit on the first error. You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This error control enables the **/c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the **/genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | +| **/c** | When this option is specified, the `LoadState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit on the computer, the `LoadState.exe` command will log an error and continue with the migration. Without the `/c` option, the `LoadState.exe` command will exit on the first error. You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This error control enables the `/c` command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the `/genconfig` option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the `Config.xml` file. | | **/r**:*``* | **(Retry)**

Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity isn't reliable.

While restoring the user state, the `/r` option won't recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | | **/w**:*``* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | | **/?** or **/help** | Displays Help on the command line. | ## User options -By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You can't exclude users in the migration .xml files or by using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md). +By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You can't exclude users in the migration .xml files or by using the `Config.xml` file. For more information, see [Identify Users](usmt-identify-users.md). | Command-Line Option | Description | |--- |--- | | **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to use the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | -| **/ui**:*DomainName UserName*
or
**/ui**:*"DomainName User Name"*
or
**/ui**:*ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` option. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotations marks.
For example:
  • To include only User2 from the Corporate domain, type:
    `/ue:* /ui:corporate\user2`
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | -| **/uel**:*``*
or
**/uel**:*``*
or
**/uel**:0 | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the `ScanState.exe` command is run. You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed into another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the `ScanState.exe` command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2002/1/15` migrates users who have logged on or whose accounts have been modified since January 15, 2002.

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | -| **/ue**:*DomainName\UserName*
or
**/ue** *"DomainName\User Name"*
or
**/ue**:*ComputerName\LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options but you can't use the `/ue` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks.

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | -| **/md**:*OldDomain*:*NewDomain*
or
**/md**:*LocalComputerName:NewDomain* | **(Move domain)**

Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple `/md` options if you're consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two `/md` commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that didn't exist on the source computer, the `LoadState.exe` command will appear to complete successfully, without an error or warning. However, in this case, users won't be moved to *NewDomain* but will remain in their original domain. For example, if you misspell **contoso** and you instead specify **/md:contso:fabrikam**, the users will remain in **contoso** on the destination computer.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
` /progress:prog.log /l:load.log /md:contoso:fabrikam` | +| **/ui**:*DomainName UserName*
or
**/ui**:*"DomainName User Name"*
or
**/ui**:*ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` option. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotations marks (`"`).
For example:
  • To include only User2 from the Corporate domain, type:
    `/ue:* /ui:corporate\user2`
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/uel**:*``*
or
**/uel**:*``*
or
**/uel**:0 | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the `ScanState.exe` command is run. You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed into another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the `ScanState.exe` command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or whose accounts have been modified since February 15, 2020.

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | +| **/ue**:*DomainName\UserName*
or
**/ue** *"DomainName\User Name"*
or
**/ue**:*ComputerName\LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options but you can't use the `/ue` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/md**:*OldDomain*:*NewDomain*
or
**/md**:*LocalComputerName:NewDomain* | **(Move domain)**

Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple `/md` options if you're consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two `/md` commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that didn't exist on the source computer, the `LoadState.exe` command will appear to complete successfully, without an error or warning. However, in this case, users won't be moved to *NewDomain* but will remain in their original domain. For example, if you misspell **contoso** and you instead specify **/md:contso:fabrikam**, the users will remain in **contoso** on the destination computer.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
` /progress:prog.log /l:load.log /md:contoso:fabrikam` | | **/mu**:*OldDomain OldUserName*:[*NewDomain*]*NewUserName*
or
**/mu**:*OldLocalUserName*:*NewDomain NewUserName* | **(Move user)**

Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple `/mu` options. You can't use wildcard characters with this option.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1` | -| **/lac**:[*Password*] | **(Local account create)**

Specifies that if a user account is a local (non-domain) account, and it doesn't exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the `/lae` option.

If the `/lac` option isn't specified, any local user accounts that don't already exist on the destination computer won't be migrated.

*Password* is the password for the newly created account. An empty password is used by default.
**Caution**
Use the *Password* variable with caution because it's provided in plain text and can be obtained by anyone with access to the computer that is running the `LoadState.exe` command.
Also, if the computer has multiple users, all migrated users will have the same password.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | +| **/lac**:[*Password*] | **(Local account create)**

Specifies that if a user account is a local (non-domain) account, and it doesn't exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the `/lae` option.

If the `/lac` option isn't specified, any local user accounts that don't already exist on the destination computer won't be migrated.

*Password* is the password for the newly created account. An empty password is used by default.
**Caution**
Use the *Password* variable with caution because it's provided in plain text and can be obtained by anyone with access to the computer that is running the `LoadState.exe` command.
Also, if the computer has multiple users, all migrated users will have the same password.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | | `/lae` | **(Local account enable)**

Enables the account that was created with the `/lac` option. You must specify the `/lac` option with this option.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /lac:password /lae`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | ### Examples for the /ui and /ue options @@ -124,7 +128,7 @@ You can use the `/uel`, `/ue` and `/ui` options together to migrate only the use ## Incompatible command-line options -The following table indicates which command-line options aren't compatible with the `LoadState.exe` command. If the table entry for a particular combination is blank, the options are compatible, and you can use them together. The X symbol means that the options aren't compatible. For example, you can't use the `/nocompress` option with the `/encrypt` option. +The following table indicates which command-line options aren't compatible with the `LoadState.exe` command. If the table entry for a particular combination is blank, the options are compatible, and you can use them together. The X symbol means that the options aren't compatible. For example, you can't use the `/nocompress` option with the `/encrypt` option. | Command-Line Option | /keyfile | /nocompress | /genconfig | /all | |--- |--- |--- |--- |--- | diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index 6354c269db..9fea9c01e5 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -34,7 +34,7 @@ The following table lists the operating systems supported in USMT. ## Unsupported scenarios - USMT doesn't support any of the Windows Server® operating systems. -- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) Overview](/previous-versions/windows/hh825227(v=win.10). +- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) overview](/previous-versions/windows/hh825227(v=win.10)). ## Windows PE diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 7c9fe4f205..a8904c9c4b 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Return codes -This topic describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this topic provides tips to help you use the logfiles to determine why you received an error. +This article describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this article provides tips to help you use the logfiles to determine why you received an error. Understanding the requirements for running USMT can help minimize errors in your USMT migrations. For more information, see [USMT Requirements](usmt-requirements.md). @@ -33,11 +33,11 @@ Return codes are grouped into the following broad categories that describe their - Fatal Errors -As a best practice, we recommend that you set verbosity level to 5, `v:5`, on the `ScanState.exe`, `LoadState.exe`, and `USMTUtils.exe` command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. +As a best practice, we recommend that you set verbosity level to 5, `v:5`, on the `ScanState.exe`, `LoadState.exe`, and `UsmtUtils.exe` command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. ## USMT error messages -Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of **11** (for **USMT_INVALID_PARAMETERS**) and a related error message that reads **/key and /keyfile both specified**. The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received. +Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **UsmtUtils** tool might return a code of **11** (for **USMT_INVALID_PARAMETERS**) and a related error message that reads **/key and /keyfile both specified**. The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **UsmtUtils** log files to help you determine why the return code was received. You can obtain more information about any listed **Windows** system error codes by typing in a command prompt window `net.exe helpmsg ` where ** is the error code number generated by the error message. For more information about System Error Codes, see [System Error Codes (0-499)](/windows/win32/debug/system-error-codes--0-499-). @@ -139,7 +139,7 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Log path argument is invalid for /l** | When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct. | +| **Log path argument is invalid for /l** | When `/l` is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct. | ### 14: USMT_ERROR_USE_LAC @@ -147,7 +147,7 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Unable to create a local account because /lac was not specified** | When creating local accounts, the command-line options /lac and /lae should be used. | +| **Unable to create a local account because /lac was not specified** | When creating local accounts, the command-line options `/lac` and `/lae` should be used. | ### 26: USMT_INIT_ERROR @@ -155,9 +155,9 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Multiple Windows installations found** | Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid. | -| **Software malfunction or unknown exception** | Check all loaded .xml files for errors, common error when using /I to load the Config.xml file. | -| **Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries** | Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping. | +| **Multiple Windows installations found** | Listfiles.txt couldn't be created. Verify that the location you specified for the creation of this file is valid. | +| **Software malfunction or unknown exception** | Check all loaded .xml files for errors, common error when using `/i` to load the Config.xml file. | +| **Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries** | Verify that the offline input file is present and that it has valid entries. USMT couldn't find valid offline operating system. Verify your offline directory mapping. | ### 27: USMT_INVALID_STORE_LOCATION @@ -165,12 +165,12 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **A store path can't be used because an existing store exists; specify /o to overwrite** | Specify /o to overwrite an existing intermediate or migration store. | +| **A store path can't be used because an existing store exists; specify /o to overwrite** | Specify `/o` to overwrite an existing intermediate or migration store. | | **A store path is missing or has incomplete data** | Make sure that the store path is accessible and that the proper permission levels are set. | -| **An error occurred during store creation** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | +| **An error occurred during store creation** | Make sure that the store path is accessible and that the proper permission levels are set. Specify `/o` to overwrite an existing intermediate or migration store. | | **An inappropriate device such as a floppy disk was specified for the store** | Make sure that the store path is accessible and that the proper permission levels are set. | | **Invalid store path; check the store parameter and/or file system permissions** | Invalid store path; check the store parameter and/or file system permissions. | -| **The file layout and/or file content is not recognized as a valid store** | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | +| **The file layout and/or file content is not recognized as a valid store** | Make sure that the store path is accessible and that the proper permission levels are set. Specify `/o` to overwrite an existing intermediate or migration store. | | **The store path holds a store incompatible with the current USMT version** | Make sure that the store path is accessible and that the proper permission levels are set. | | **The store save location is read-only or does not support a requested storage option** | Make sure that the store path is accessible and that the proper permission levels are set. | @@ -180,7 +180,7 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Script file is invalid for /i** | Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file. | +| **Script file is invalid for /i** | Check all specified migration .xml files for errors. This error is common when using `/i` to load the `Config.xml` file. | | **Unable to find a script file specified by /i** | Verify the location of your script files, and ensure that the command-line options are correct. | ### 29: USMT_FAILED_MIGSTARTUP @@ -203,15 +203,13 @@ The following information lists each return code by numeric value, along with th | --- | --- | | **An error occurred during the discover phase; the log should have more specific information** | Check the ScanState log file for migration .xml file errors. | - ### 32: USMT_FAILED_SETMIGRATIONTYPE - **Category**: Setup and Initialization | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **An error occurred processing the migration system** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | - +| **An error occurred processing the migration system** | Check the ScanState log file for migration .xml file errors, or use online Help by typing `/?` on the command line. | ### 33: USMT_UNABLE_READKEY @@ -219,8 +217,8 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Error accessing the file specified by the /keyfile parameter** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | -| **The encryption key must have at least one character** | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | +| **Error accessing the file specified by the /keyfile parameter** | Check the ScanState log file for migration .xml file errors, or use online Help by typing `/?` on the command line. | +| **The encryption key must have at least one character** | Check the ScanState log file for migration .xml file errors, or use online Help by typing `/?` on the command line. | ### 34: USMT_ERROR_INSUFFICIENT_RIGHTS @@ -228,9 +226,9 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Directory removal requires elevated privileges** | Log on as Administrator, and run with elevated privileges. | -| **No rights to create user profiles; log in as Administrator; run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | -| **No rights to read or delete user profiles; log in as Administrator, run with elevated privileges** | Log on as Administrator, and run with elevated privileges. | +| **Directory removal requires elevated privileges** | Sign in as Administrator, and run with elevated privileges. | +| **No rights to create user profiles; log in as Administrator; run with elevated privileges** | Sign in as Administrator, and run with elevated privileges. | +| **No rights to read or delete user profiles; log in as Administrator, run with elevated privileges** | Sign in as Administrator, and run with elevated privileges. | ### 35: USMT_UNABLE_DELETE_STORE @@ -238,8 +236,8 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **A reboot is required to remove the store** | Reboot to delete any files that could not be deleted when the command was executed. | -| **A store path can't be used because it contains data that could not be overwritten** | A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use **USMTUtils /rd** command to delete the store. | +| **A reboot is required to remove the store** | Reboot to delete any files that couldn't be deleted when the command was executed. | +| **A store path can't be used because it contains data that could not be overwritten** | A migration store couldn't be deleted. If you're using a hardlink migration store, you might have a locked file in it. You should manually delete the store, or use `UsmtUtils.exe /rd` command to delete the store. | | **There was an error removing the store** | Review ScanState log or LoadState log for details about command-line errors. | ### 36: USMT_ERROR_UNSUPPORTED_PLATFORM @@ -248,9 +246,9 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Compliance check failure; please check the logs for details** | Investigate whether there is an active temporary profile on the system. | -| **Use of /offline is not supported during apply** | The **/offline** command was not used while running in the Windows Preinstallation Environment (WinPE). | -| **Use /offline to run gather on this platform** | The **/offline** command was not used while running in WinPE. | +| **Compliance check failure; please check the logs for details** | Investigate whether there's an active temporary profile on the system. | +| **Use of /offline is not supported during apply** | The `/offline` command wasn't used while running in the Windows Preinstallation Environment (WinPE). | +| **Use /offline to run gather on this platform** | The `/offline` command wasn't used while running in WinPE. | ### 37: USMT_ERROR_NO_INVALID_KEY @@ -258,9 +256,7 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **The store holds encrypted data but the correct encryption key was not provided** | Verify that you have included the correct encryption /key or /keyfile. | - -- **Category**: Setup and Initialization +| **The store holds encrypted data but the correct encryption key was not provided** | Verify that the correct encryption key or keyfile was included with the `/key` or `/keyfile` option. | ### 38: USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE @@ -277,7 +273,7 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | | **Error reading Config.xml** | Review ScanState log or LoadState log for details about command-line errors in the Config.xml file. | -| **File argument is invalid for /config** | Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line. | +| **File argument is invalid for /config** | Check the command line you used to load the Config.xml file. You can use online Help by typing `/?` on the command line. | ### 40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG @@ -285,8 +281,8 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Error writing to the progress log** | The Progress log could not be created. Verify that the location is valid and that you have write access. | -| **Progress log argument is invalid for /progress** | The Progress log could not be created. Verify that the location is valid and that you have write access. | +| **Error writing to the progress log** | The Progress log couldn't be created. Verify that the location is valid and that you have write access. | +| **Progress log argument is invalid for /progress** | The Progress log couldn't be created. Verify that the location is valid and that you have write access. | ### 41: USMT_PREFLIGHT_FILE_CREATION_FAILED @@ -294,7 +290,7 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Can't overwrite existing file** | The Progress log could not be created. Verify that the location is valid and that you have write access. | +| **Can't overwrite existing file** | The Progress log couldn't be created. Verify that the location is valid and that you have write access. | | **Invalid space estimate path. Check the parameters and/or file system permissions** | Review ScanState log or LoadState log for details about command-line errors. | ### 42: USMT_ERROR_CORRUPTED_STORE @@ -303,7 +299,7 @@ The following information lists each return code by numeric value, along with th | Error message | The store contains one or more corrupted files | | --- | --- | -| **The store holds encrypted data but the correct encryption key was not provided** | Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). | +| **The store holds encrypted data but the correct encryption key was not provided** | Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that aren't corrupted, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). | ### 61: USMT_MIGRATION_STOPPED_NONFATAL @@ -322,7 +318,7 @@ The following information lists each return code by numeric value, along with th | **A Windows Win32 API error occurred** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | | **An error occurred when attempting to initialize the diagnostic mechanisms such as the log** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | | **Failed to record diagnostic information** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | -| **Unable to start. Make sure you are running USMT with elevated privileges** | Exit USMT and log in again with elevated privileges. | +| **Unable to start. Make sure you are running USMT with elevated privileges** | Exit USMT and sign in again with elevated privileges. | ### 72: USMT_UNABLE_DOMIGRATION @@ -336,7 +332,7 @@ The following information lists each return code by numeric value, along with th | **Out of disk space while writing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | | **Out of temporary disk space on the local system** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | -## Related topics +## Related articles [User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index c3c9933bf0..c1b45a18b9 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -1,6 +1,6 @@ --- -title: ScanState Syntax (Windows 10) -description: The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. +title: **ScanState** Syntax (Windows 10) +description: The **ScanState** command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,154 +11,136 @@ ms.topic: article ms.technology: itpro-deploy --- -# ScanState Syntax +# ScanState syntax -The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. +The `ScanState.exe` command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. This article discusses the `ScanState.exe` command syntax and the options available with it. -## In This Topic +## Before you begin -[Before You Begin](#bkmk-beforeyoubegin) +Before you run the `ScanState.exe` command, note the items: -[Syntax](#bkmk-syntax) +- To ensure that all operating system settings migrate, in most cases you must run the `ScanState.exe` commands in administrator mode from an account with administrative credentials. -[Storage Options](#bkmk-storageoptions) +- If you encrypt the migration store, you'll be required to enter an encryption key or a path to a file containing the encryption key. Be sure to make note of the key or the key file location, because this information isn't kept anywhere in the migration store. You'll need this information when you run the `LoadState.exe` command to decrypt the migration store, or if you need to run the recovery utility. An incorrect or missing key or key file results in an error message. -[Migration Rule Options](#bkmk-migrationruleoptions) +- For information about software requirements for running the `ScanState.exe` command, see [USMT requirements](usmt-requirements.md). -[Monitoring Options](#monitoring-options) +- Unless otherwise noted, you can use each option only once when running a tool on the command line. -[User Options](#bkmk-useroptions) +- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any extra configuration. -[Encrypted file options](#encrypted-file-options) +- The [Incompatible command-line options](#incompatible-command-line-options) table lists which options you can use together and which command-line options are incompatible. -[Incompatible Command-Line Options](#bkmk-iclo) +- The directory location where you save the migration store will be excluded from the scan. For example, if you save the migration store to the root of the D drive, the D drive and all of its subdirectories will be excluded from the scan. -## Before You Begin +## Syntax -Before you run the **ScanState** command, note the following: +This section explains the syntax and usage of the command-line options available when you use the `ScanState.exe` command. The options can be specified in any order. If the option contains a parameter, you can use either a colon or a space separator. -- To ensure that all operating system settings migrate, in most cases you must run the **ScanState** commands in administrator mode from an account with administrative credentials. +The `ScanState.exe` command's syntax is: -- If you encrypt the migration store, you will be required to enter an encryption key or a path to a file containing the encryption key. Be sure to make note of the key or the key file location, because this information is not kept anywhere in the migration store. You will need this information when you run the LoadState command to decrypt the migration store, or if you need to run the recovery utility. An incorrect or missing key or key file results in an error message. +> scanstate.exe \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\] -- For information about software requirements for running the **ScanState** command, see [USMT Requirements](usmt-requirements.md). +For example, to create a `Config.xml` file in the current directory, use: -- Unless otherwise noted, you can use each option only once when running a tool on the command line. +`scanstate.exe /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13` -- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any extra configuration. +To create an encrypted store using the `Config.xml` file and the default migration .xml files, use: -- The [Incompatible Command-Line Options](#bkmk-iclo) table lists which options you can use together and which command-line options are incompatible. +`scanstate.exe \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:13 /encrypt /key:"mykey"` -- The directory location where you save the migration store will be excluded from the scan. For example, if you save the migration store to the root of the D drive, the D drive and all of its subdirectories will be excluded from the scan. - -## Syntax - -This section explains the syntax and usage of the **ScanState** command-line options. The options can be specified in any order. If the option contains a parameter, you can use either a colon or a space separator. - -The **ScanState** command's syntax is: - -> scanstate \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\] - -For example, to create a Config.xml file in the current directory, use: - -`scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13` - -To create an encrypted store using the Config.xml file and the default migration .xml files, use: - -`scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:13 /encrypt /key:"mykey"` - -## Storage Options +## Storage options | Command-Line Option | Description | |-----|-----| -| *StorePath* | Indicates a folder where files and settings will be saved. Note that *StorePath* cannot be **C:\**. You must specify the *StorePath* option in the **ScanState** command, except when using the **/genconfig** option. You cannot specify more than one *StorePath* location. | +| *StorePath* | Indicates a folder where files and settings will be saved. *StorePath* can't be `C:\`. You must specify the *StorePath* option in the `ScanState.exe` command, except when using the `/genconfig` option. You can't specify more than one *StorePath* location. | | **/apps** | Scans the image for apps and includes them and their associated registry settings. | | **/ppkg** [*<FileName>*] | Exports to a specific file location. | -| **/o** | Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the **ScanState** command will fail if the migration store already contains data. You cannot use this option more than once on a command line. | -| **/vsc** | This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the **<ErrorControl>** section.

This option can be used only with the ScanState executable file and cannot be combined with the **/hardlink** option. | -| **/hardlink** | Enables the creation of a hard-link migration store at the specified location. The **/nocompress** option must be specified with the **/hardlink** option. | -| **/encrypt** [{**/key:** *<KeyString>* | **/keyfile**:*<file>*]} | Encrypts the store with the specified key. Encryption is disabled by default. With this option, you will need to specify the encryption key-in one of the following ways:
  • **/key:** *KeyString* specifies the encryption key. If there is a space in *KeyString*, you will need to surround *KeyString* with quotation marks.
  • **/keyfile:** *FilePathAndName* specifies a text (.txt) file that contains the encryption key.

We recommend that *KeyString* be at least eight characters long, but it cannot exceed 256 characters. The **/key** and **/keyfile** options cannot be used on the same command line. The **/encrypt** and **/nocompress** options cannot be used on the same command line.
**Important**
You should use caution with this option, because anyone who has access to the **ScanState** command-line script will also have access to the encryption key.

The following example shows the ScanState command and the **/key** option:
`scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /encrypt /key:mykey` | -| **/encrypt**:*<EncryptionStrength>* | The **/encrypt** option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | -| **/nocompress** | Disables compression of data and saves the files to a hidden folder named "File" at *StorePath*\USMT. Compression is enabled by default. Combining the **/nocompress** option with the **/hardlink** option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you are combining the **/nocompress** option with the **/hardlink** option.

The **/nocompress** and **/encrypt** options cannot be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the **LoadState** command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

For example:
`scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /nocompress` | +| **/o** | Required to overwrite any existing data in the migration store or `Config.xml` file. If not specified, the `ScanState.exe` command will fail if the migration store already contains data. You can't use this option more than once on a command line. | +| **/vsc** | This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the **<ErrorControl>** section.

This option is only used with the **ScanState** executable file and can't be combined with the `/hardlink` option. | +| **/hardlink** | Enables the creation of a hard-link migration store at the specified location. The `/nocompress` option must be specified with the `/hardlink` option. | +| **/encrypt** [{**/key:** *<KeyString>* | **/keyfile**:*<file>*]} | Encrypts the store with the specified key. Encryption is disabled by default. With this option, you'll need to specify the encryption key-in one of the following ways:
  • `/key`: *KeyString* specifies the encryption key. If there's a space in *KeyString*, you'll need to surround *KeyString* with quotation marks (`"`).
  • `/keyfile`: *FilePathAndName* specifies a text (`.txt`) file that contains the encryption key.

*KeyString* is recommended to be at least eight characters long, but it can't exceed 256 characters. The `/key` and `/keyfile` options can't be used on the same command line. The `/encrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `ScanState.exe` command with these options will also have access to the encryption key.

The following example shows the `ScanState.exe` command and the `/key` option:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /encrypt /key:mykey` | +| **/encrypt**:*<EncryptionStrength>* | The `/encrypt` option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/nocompress** | Disables compression of data and saves the files to a hidden folder named "File" at *StorePath*\USMT. Compression is enabled by default. Combining the `/nocompress` option with the `/hardlink` option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you're combining the `/nocompress` option with the `/hardlink` option.

The `/nocompress` and `/encrypt` options can't be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the `LoadState.exe` command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

For example:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /nocompress` | -## Run the ScanState Command on an Offline Windows System +## Run the ScanState command on an offline Windows system -You can run the **ScanState** command in Windows Preinstallation Environment (WinPE). In addition, USMT supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the **ScanState** command in WinPE or a Windows.old directory when you run the **ScanState** command in Windows. +You can run the `ScanState.exe` command in Windows Preinstallation Environment (WinPE). In addition, USMT supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the `ScanState.exe` command in WinPE or a Windows.old directory when you run the `ScanState.exe` command in Windows. -There are several benefits to running the **ScanState** command on an offline Windows image, including: +There are several benefits to running the `ScanState.exe` command on an offline Windows image, including: -- **Improved Performance.** +- **Improved performance.** - Because WinPE is a thin operating system, there are fewer running services. In this environment, the **ScanState** command has more access to the local hardware resources, enabling **ScanState** to perform migration operations more quickly. + Because WinPE is a thin operating system, there are fewer running services. In this environment, the `ScanState.exe` command has more access to the local hardware resources, enabling **ScanState** to perform migration operations more quickly. -- **Simplified end to end deployment process.** +- **Simplified end to end deployment process.** Migrating data from Windows.old simplifies the end-to-end deployment process by enabling the migration process to occur after the new operating system is installed. -- **Improved success of migration.** +- **Improved success of migration.** - The migration success rate is increased because files will not be locked for editing while offline, and because WinPE provides administrator access to files in the offline Windows file system, eliminating the need for administrator-level access to the online system. + The migration success rate is increased because files won't be locked for editing while offline, and because WinPE provides administrator access to files in the offline Windows file system, eliminating the need for administrator-level access to the online system. -- **Ability to recover an unbootable computer.** +- **Ability to recover an unbootable computer.** It might be possible to recover and migrate data from an unbootable computer. -## Offline Migration Options +## Offline migration options |Command-Line Option|Definition| |--- |--- | |**/offline:** *"path to an offline.xml file"*|This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.| -|**/offlinewindir:** *"path to a Windows directory"*|This option specifies the offline Windows directory that the **ScanState** command gathers user state from. The offline directory can be Windows.old when you run the **ScanState** command in Windows or a Windows directory when you run the **ScanState** command in WinPE.| -|**/offlinewinold:** *"Windows.old directory"*|This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| +|**/offlinewindir:** *"path to a Windows directory"*|This option specifies the offline Windows directory that the `ScanState.exe` command gathers user state from. The offline directory can be Windows.old when you run the `ScanState.exe` command in Windows or a Windows directory when you run the `ScanState.exe` command in WinPE.| +|**/offlinewinold:** *"Windows.old directory"*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| -## Migration Rule Options +## Migration rule options USMT provides the following options to specify what files you want to migrate. | Command-Line Option | Description | |-----|-----| -| **/i:**[*Path*]*FileName* | **(include)**

Specifies an .xml file that contains rules that define what user, application, or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the [Frequently Asked Questions](usmt-faq.yml) topic. | -| **/genconfig:**[*Path*]*FileName* | (Generate **Config.xml**)

Generates the optional Config.xml file, but does not create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the **/i** option, when you specify this option.

After you create this file, you will need to make use of it with the **ScanState** command using the **/config** option.

The only options that you can specify with this option are the **/i**, **/v**, and **/l** options. You cannot specify *StorePath*, because the **/genconfig** option does not create a store. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

Examples:
  • The following example creates a Config.xml file in the current directory:
    `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
| -| **/config:**[*Path*]*FileName* | Specifies the Config.xml file that the **ScanState** command should use to create the store. You cannot use this option more than once on the command line. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory.

The following example creates a store using the Config.xml file, MigDocs.xml, and MigApp.xml files:
`scanstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log`

The following example migrates the files and settings to the destination computer using the **Config.xml**, **MigDocs.xml**, and **MigApp.xml** files:
`loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` | -| **/auto:** *path to script files* | This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The **/auto** option has the same effect as using the following options: **/i: MigDocs.xml** **/i:MigApp.xml /v:5**. | -| **/genmigxml:** *path to a file* | This option specifies that the **ScanState** command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the **ScanState** command is running. | -| **/targetwindows8** | Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a Config.xml file by using the /genconfig option.** Using the **/targetwindows8** option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.
  • **To create a migration store.** Using the **/targetwindows8** option ensures that the ScanState tool gathers the correct set of operating system settings. Without the **/targetwindows8** command-line option, some settings can be lost during the migration.
| -| **/targetwindows7** | Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a Config.xml file by using the /genconfig option.** Using the **/targetwindows7** option optimizes the Config.xml file so that it only contains components that relate to Windows 7.
  • **To create a migration store.** Using the **/targetwindows7** option ensures that the ScanState tool gathers the correct set of operating system settings. Without the **/targetwindows7** command-line option, some settings can be lost during the migration.
| -| **/localonly** | Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the **/localonly** option is not specified, then the **ScanState** command will copy files from these removable or network drives into the store.

Anything that is not considered a fixed drive by the OS will be excluded by **/localonly**. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md).

The **/localonly** command-line option includes or excludes data in the migration as identified in the following:
  • **Removable drives such as a USB flash drive** - Excluded
  • **Network drives** - Excluded
  • **Fixed drives** - Included
| +| **/i:**[*Path*]*FileName* | **(include)**

Specifies an .xml file that contains rules that define what user, application, or system state to migrate. You can specify this option multiple times to include all of your .xml files (`MigApp.xml`, `MigDocs.xml`, and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the [Frequently asked questions](usmt-faq.yml) article. | +| **/genconfig:**[*Path*]*FileName* | (Generate **Config.xml**)

Generates the optional `Config.xml` file, but doesn't create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the **/i** option, when you specify this option.

After you create this file, you'll need to make use of it with the `ScanState.exe` command using the **/config** option.

The only options that you can specify with this option are the `/i`, `/v`, and `/l` options. You can't specify *StorePath*, because the `/genconfig` option doesn't create a store. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

Examples:
  • The following example creates a `Config.xml` file in the current directory:
    `scanstate.exe /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
| +| **/config:**[*Path*]*FileName* | Specifies the `Config.xml` file that the `ScanState.exe` command should use to create the store. You can't use this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

The following example creates a store using the `Config.xml` file, `MigDocs.xml`, and `MigApp.xml` files:
`scanstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log`

The following example migrates the files and settings to the destination computer using the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:
`loadstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` | +| **/auto:** *path to script files* | This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i: MigDocs.xml /i:MigApp.xml /v:5`. | +| **/genmigxml:** *path to a file* | This option specifies that the `ScanState.exe` command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the `ScanState.exe` command is running. | +| **/targetwindows8** | Optimizes `ScanState.exe` when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a `Config.xml` file by using the `/genconfig` option.** Using the `/targetwindows8` option optimizes the `Config.xml` file so that it only contains components that relate to Windows 8 or Windows 8.1.
  • **To create a migration store.** Using the `/targetwindows8` option ensures that the **ScanState** tool gathers the correct set of operating system settings. Without the `/targetwindows8` command-line option, some settings can be lost during the migration.
| +| **/targetwindows7** | Optimizes `ScanState.exe` when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a `Config.xml` file by using the `/genconfig` option.** Using the **/targetwindows7** option optimizes the `Config.xml` file so that it only contains components that relate to Windows 7.
  • **To create a migration store.** Using the `/targetwindows7` option ensures that the **ScanState** tool gathers the correct set of operating system settings. Without the `/targetwindows7` command-line option, some settings can be lost during the migration.
| +| **/localonly** | Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the `/localonly` option isn't specified, then the `ScanState.exe` command will copy files from these removable or network drives into the store.

Anything that isn't considered a fixed drive by the OS will be excluded by `/localonly`. In some cases, large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom .xml file. For more information about how to exclude all files on a specific drive, see [Exclude files and settings](usmt-exclude-files-and-settings.md).

The `/localonly` command-line option includes or excludes data in the migration as identified in the following storage locations:
  • **Removable drives such as a USB flash drive** - Excluded
  • **Network drives** - Excluded
  • **Fixed drives** - Included
| ## Monitoring options USMT provides several options that you can use to analyze problems that occur during migration. > [!NOTE] -> The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option. +> The **ScanState** log is created by default, but you can specify the name and location of the log with the **/l** option. | Command-Line Option | Description | |-----|-----| -| **/listfiles**:<FileName> | You can use the **/listfiles** command-line option with the **ScanState** command to generate a text file that lists all of the files included in the migration. | -| **/l:**[*Path*]*FileName* | Specifies the location and name of the ScanState log.

You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the log will be created in the current directory. You can use the **/v** option to adjust the amount of output.

If you run the **ScanState** or **LoadState** commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /**l: scan.log** command. | -| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the ScanState log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`scanstate \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml`| -| /**progress**:[*Path*]*FileName* | Creates the optional progress log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`scanstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log` | -| **/c** | When this option is specified, the **ScanState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the **ScanState** command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the **/c** option, the **ScanState** command will exit on the first error.

You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This advantage in the Config.xml file enables the /**c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /**genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | -| **/r:***<TimesToRetry>* | **(Retry)**

Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

While storing the user state, the **/r** option will not be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | +| **/listfiles**:<FileName> | You can use the `/listfiles` command-line option with the `ScanState.exe` command to generate a text file that lists all of the files included in the migration. | +| **/l:**[*Path*]*FileName* | Specifies the location and name of the **ScanState** log.

You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can use the `/v` option to adjust the amount of output.

If you run the `ScanState.exe` command from a shared network resource, you must specify the `/l` option, or USMT will fail with the following error:

***USMT was unable to create the log file(s)***

To fix this issue, make sure to specify the `/l` option when running `ScanState.exe` from a shared network resource. | +| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the **ScanState** log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`scanstate.exe \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml`| +| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`scanstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log` | +| **/c** | When this option is specified, the `ScanState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit in the store, the `ScanState.exe` command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the `/c` option, the `ScanState.exe` command will exit on the first error.

You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This advantage in the `Config.xml` file enables the `/c` command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /`genconfig` option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the `Config.xml` file. | +| **/r:***<TimesToRetry>* | **(Retry)**

Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity isn't reliable.

While storing the user state, the `/r` option won't be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | | **/w:***<SecondsBeforeRetry>* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | -| **/p:***<pathToFile>* | When the **ScanState** command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
`Scanstate.exe C:\MigrationLocation [additional parameters]`
`/p:"C:\MigrationStoreSize.xml"`

For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the **/p** option, without specifying *"pathtoafile"*, in USMT. If you specify only the **/p** option, the storage space estimations are created in the same manner as with USMT3.x releases. | -| /**?** or /**help** | Displays Help at the command line. | +| **/p:***<pathToFile>* | When the `ScanState.exe` command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
`Scanstate.exe C:\MigrationLocation [additional parameters]`
`/p:"C:\MigrationStoreSize.xml"`

For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the `/p` option, without specifying *"pathtoafile"*, in USMT. If you specify only the `/p` option, the storage space estimations are created in the same manner as with USMT3.x releases. | +| **/?** or **/help** | Displays Help at the command line. | -## User Options +## User options -By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md) and [Migrate User Accounts](usmt-migrate-user-accounts.md). +By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You can't exclude users in the migration .xml files or using the `Config.xml` file. For more information, see [Identify users](usmt-identify-users.md) and [Migrate user accounts](usmt-migrate-user-accounts.md). | Command-Line Option | Description | |-----|-----| -| /**all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /**ue** or /**uel** options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /**all** option, you cannot also use the /**ui**, /**ue** or /**uel** options. | -| /**ui**:*<DomainName>*\*<UserName>*
or
/**ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /**ue** or /**uel** options. You can specify multiple /**ui** options, but you cannot use the /**ui** option with the /**all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.
**Note**
If a user is specified for inclusion with the /**ui** option, and also is specified to be excluded with either the /**ue** or /**uel** options, the user will be included in the migration.

For example:
  • To include only User2 from the Fabrikam domain, type:
    `/ue:*\* /ui:fabrikam\user2`
  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
    `/uel:30 /ui:fabrikam\*`
    In this example, a user account from the Contoso domain that was last modified two months ago will not be migrated.

For more examples, see the descriptions of the /**ue** and /**ui** options in this table. | -| /**uel**:*<NumberOfDays>*
or
/**uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The /**uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

You can specify the number of days or you can specify a date. You cannot use this option with the /**all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance is not considered by USMT.
**Note**
The /**uel** option is not valid in offline migrations.
  • **/uel:0** migrates any users who are currently logged on.
  • **/uel:90** migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • **/uel:1** migrates users whose account has been modified within the last 24 hours.
  • **/uel:2002/1/15** migrates users who have logged on or been modified January 15, 2002 or afterwards.

For example:
`scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | -| /**ue**:*<DomainName>*\*<UserName>*
-or-

/**ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple /**ue** options. You cannot use this option with the /**all** option. *<DomainName>* and *<UserName>* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.

For example:
`scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1` | +| **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to specify the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | +| **/ui**:*<DomainName>*\*<UserName>*
or
**/ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` or `/uel` options. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For example:
  • To include only User2 from the Fabrikam domain, type:
    `/ue:*\* /ui:fabrikam\user2`
  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
    `/uel:30 /ui:fabrikam\*`
    In this example, a user account from the Contoso domain that was last modified two months ago won't be migrated.

For more examples, see the descriptions of the `/ue` and `/ui` options in this table. | +| **/uel**:*<NumberOfDays>*
or
**/uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the `ScanState.exe` command is run.

You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.
  • `/uel:0` migrates any users who are currently logged on.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose account has been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or been modified February 15, 2020 or afterwards.

For example:
`scanstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | +| **/ue**:*<DomainName>*\*<UserName>*
-or-

**/ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options. You can't use this option with the `/all` option. *<DomainName>* and *<UserName>* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks (`"`).

For example:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1` | -## How to Use /ui and /ue +## How to use /ui and /ue -The following examples apply to both the /**ui** and /**ue** options. You can replace the /**ue** option with the /**ui** option to include, rather than exclude, the specified users. +The following examples apply to both the `/ui` and `/ue` options. You can replace the `/ue` option with the `/ui` option to include, rather than exclude, the specified users. |Behavior|Command| |--- |--- | @@ -169,73 +151,73 @@ The following examples apply to both the /**ui** and /**ue** options. You can re |Exclude all local users.|`/ue:%computername%\*`| |Exclude users in all domains named User1, User2, and so on.|`/ue:*\user*`| -## Using the Options Together +## Using the options together -You can use the /**uel**, /**ue** and /**ui** options together to migrate only the users that you want migrated. +You can use the `/uel`, `/ue` and `/ui` options together to migrate only the users that you want migrated. -The /**ui** option has precedence over the /**ue** and /**uel** options. If a user is specified to be included using the /**ui** option, and also specified to be excluded using either the /**ue** or /**uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the /**ui** option takes precedence over the /**ue** option. +The `/ui` option has precedence over the `/ue` and `/uel` options. If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then **User1** will be migrated, because the `/ui` option takes precedence over the `/ue` option. -The /**uel** option takes precedence over the /**ue** option. If a user has logged on within the specified time period set by the /**uel** option, that user’s profile will be migrated even if they are excluded by using the /**ue** option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. +The `/uel` option takes precedence over the `/ue` option. If a user has logged on within the specified time period set by the `/uel` option, that user's profile will be migrated even if they're excluded by using the `/ue` option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they've logged on to the computer within the last 14 days. |Behavior|Command| |--- |--- | |Include only User2 from the Fabrikam domain and exclude all other users.|`/ue:*\* /ui:fabrikam\user2`| |Include only the local user named User1 and exclude all other users.|`/ue:*\* /ui:user1`| -|Include only the domain users from Contoso, except Contoso\User1.|This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following commands:
  • On the **ScanState** command line, type: `/ue:*\* /ui:contoso\*`
  • On the **LoadState** command line, type: `/ue:contoso\user1`
| +|Include only the domain users from Contoso, except Contoso\User1.|This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following commands:
  • On the `ScanState.exe` command line, type: `/ue:*\* /ui:contoso\*`
  • On the `LoadState.exe` command line, type: `/ue:contoso\user1`
| |Include only local (non-domain) users.|`/ue:*\* /ui:%computername%\*`| ## Encrypted file options -You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an /**efs** option. To migrate encrypted files, you must change the default behavior. +You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an `/efs` option. To migrate encrypted files, you must change the default behavior. For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). -> [!NOTE] -> EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files +> [!NOTE] +> EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the `/efs:copyraw` option with the `ScanState.exe` command to migrate the encrypted files -> [!CAUTION] +> [!CAUTION] > Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. | Command-Line Option | Explanation | |----|----| -| **/efs:hardlink** | Creates a hard link to the EFS file instead of copying it. Use only with the **/hardlink** and the **/nocompress** options. | -| **/efs:abort** | Causes the **ScanState** command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default. | -| **/efs:skip** | Causes the **ScanState** command to ignore EFS files. | -| /**efs:decryptcopy** | Causes the **ScanState** command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file cannot be decrypted. If the **ScanState** command succeeds, the file will be unencrypted in the migration store, and once you run the **LoadState** command, the file will be copied to the destination computer. | -| **/efs:copyraw** | Causes the **ScanState** command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an **/efs** option. Therefore you should specify the **/efs:copyraw** option with the **ScanState** command to migrate the encrypted file. Then, when you run the **LoadState** command, the encrypted file and the EFS certificate will be automatically migrated.

For example:
`ScanState /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /efs:copyraw`
**Important**
All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
| +| **/efs:hardlink** | Creates a hard link to the EFS file instead of copying it. Use only with the `/hardlink` and the `/nocompress` options. | +| **/efs:abort** | Causes the `ScanState.exe` command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default. | +| **/efs:skip** | Causes the `ScanState.exe` command to ignore EFS files. | +| **/efs:decryptcopy** | Causes the `ScanState.exe` command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file can't be decrypted. If the `ScanState.exe` command succeeds, the file will be unencrypted in the migration store, and once you run the `LoadState.exe` command, the file will be copied to the destination computer. | +| **/efs:copyraw** | Causes the `ScanState.exe` command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an `/efs` option. Therefore you should specify the `/efs:copyraw` option with the `ScanState.exe` command to migrate the encrypted file. Then, when you run the `LoadState.exe` command, the encrypted file and the EFS certificate will be automatically migrated.

For example:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /efs:copyraw`
**Important**
All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the **LoadState** tool. For more information, see [Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md).
| -## Incompatible Command-Line Options +## Incompatible command-line options -The following table indicates which command-line options are not compatible with the **ScanState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option. +The following table indicates which command-line options aren't compatible with the `ScanState.exe` command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options aren't compatible. For example, you can't use the `/nocompress` option with the `/encrypt` option. |Command-Line Option|/keyfile|/nocompress|/genconfig|/all| |--- |--- |--- |--- |--- | |**/i**||||| |**/o**||||| |**/v**||||| -|/**nocompress**||||N/A| -|/**localonly**|||X|| -|/**key**|X||X|| -|/**encrypt**|Required*|X|X|| -|/**keyfile**|N/A||X|| -|/**l**||||| -|/**progress**|||X|| -|/**r**|||X|| -|/**w**|||X|| -|/**c**|||X|| -|/**p**|||X|N/A| -|/**all**|||X|| -|/**ui**|||X|X| -|/**ue**|||X|X| -|/**uel**|||X|X| -|/**efs**:*<option>*|||X|| -|/**genconfig**|||N/A|| -|/**config**|||X|| +|**/nocompress**||||N/A| +|**/localonly**|||X|| +|**/key**|X||X|| +|**/encrypt**|Required*|X|X|| +|**/keyfile**|N/A||X|| +|**/l**||||| +|**/progress**|||X|| +|**/r**|||X|| +|**/w**|||X|| +|**/c**|||X|| +|**/p**|||X|N/A| +|**/all**|||X|| +|**/ui**|||X|X| +|**/ue**|||X|X| +|**/uel**|||X|X| +|**/efs**:*<option>*|||X|| +|**/genconfig**|||N/A|| +|**/config**|||X|| |*<StorePath>*|||X|| -> [!NOTE] -> You must specify either the /**key** or /**keyfile** option with the /**encrypt** option. +> [!NOTE] +> You must specify either the `/key` or `/keyfile` option with the `/encrypt` option. -## Related topics +## Related articles [XML Elements Library](usmt-xml-elements-library.md) diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index 32b5295f93..def8bb3eef 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -12,42 +12,43 @@ ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Technical Reference -The User State Migration Tool (USMT) is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals. +# User State Migration Tool (USMT) technical reference -Download the Windows ADK [from this website](/windows-hardware/get-started/adk-install). +The User State Migration Tool (USMT) is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals. -**USMT support for Microsoft Office** ->USMT in the Windows ADK for Windows 10, version 1511 (10.1.10586.0) supports migration of user settings for installations of Microsoft Office 2003, 2007, 2010, and 2013.
->USMT in the Windows ADK for Windows 10, version 1607 (10.1.14393.0) adds support for migration of user settings for installations of Microsoft Office 2016. +Download the Windows ADK [from this website](/windows-hardware/get-started/adk-install). + +## USMT support for Microsoft Office + +- USMT in the Windows ADK for Windows 10, version 1511 (10.1.10586.0) supports migration of user settings for installations of Microsoft Office 2003, 2007, 2010, and 2013. + +- USMT in the Windows ADK for Windows 10, version 1607 (10.1.14393.0) adds support for migration of user settings for installations of Microsoft Office 2016. USMT includes three command-line tools: -- ScanState.exe
-- LoadState.exe
-- UsmtUtils.exe +- ScanState.exe +- LoadState.exe +- UsmtUtils.exe USMT also includes a set of three modifiable .xml files: -- MigApp.xml
-- MigDocs.xml
-- MigUser.xml +- MigApp.xml +- MigDocs.xml +- MigUser.xml -Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration. +Additionally, you can create custom .xml files to support your migration needs. You can also create a `Config.xml` file to specify files or settings to exclude from the migration. -USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT Requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User's Guide](/previous-versions/windows/server/dd560801(v=ws.10)). +USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) overview](/previous-versions/windows/hh825227(v=win.10)). ## In this section -|Topic |Description| + +|Article |Description| |------|-----------| -|[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)|Describes what's new in USMT, how to get started with USMT, and the benefits and limitations of using USMT.| -|[User State Migration Tool (USMT) How-to topics](usmt-how-to.md)|Includes step-by-step instructions for using USMT, as well as how-to topics for conducting tasks in USMT.| -|[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)|Provides answers to frequently asked questions and common issues in USMT, as well as a reference for return codes used in USMT.| -|[User State Migration Toolkit (USMT) Reference](usmt-reference.md)|Includes reference information for migration planning, migration best practices, command-line syntax, using XML, and requirements for using USMT.| +|[User State Migration Tool (USMT) overview topics](usmt-topics.md)|Describes what's new in USMT, how to get started with USMT, and the benefits and limitations of using USMT.| +|[User State Migration Tool (USMT) how-to topics](usmt-how-to.md)|Includes step-by-step instructions for using USMT and how-to topics for conducting tasks in USMT.| +|[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md)|Provides answers to frequently asked questions and common issues in USMT and a reference for return codes used in USMT.| +|[User State Migration Toolkit (USMT) reference](usmt-reference.md)|Includes reference information for migration planning, migration best practices, command-line syntax, using XML, and requirements for using USMT.| + +## Related articles -## Related topics - [Windows Assessment and Deployment Kit](/previous-versions/windows/it-pro/windows-8.1-and-8/dn247001(v=win.10)) - -  - -  diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index 48e240aa2e..19bd789bda 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -11,32 +11,26 @@ ms.topic: article ms.technology: itpro-deploy --- -# Test Your Migration +# Test your migration +Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you're migrating data. -Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you are migrating data. +After you've thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate migration store size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store. -After you have thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store. +If your test migration encounters any errors, examine the **ScanState** and **LoadState** logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return codes](usmt-return-codes.md). You can obtain more information about any listed **Windows** system error codes by typing in a command prompt window `net.exe helpmsg ` where ** is the error code number generated by the error message. For more information about System Error Codes, see [System Error Codes (0-499)](/windows/win32/debug/system-error-codes--0-499-). -If your test migration encounters any errors, examine the ScanState and LoadState logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). You can also obtain more information about a Windows API error message by typing **net helpmsg** and the error message number on the command line. +In most cases, the **ScanState** and **LoadState** logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger. -In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger. +> [!NOTE] +> Running the **ScanState** and **LoadState** tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred. -**Note**   -Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred. +After you've determined that the pilot migration successfully migrated the specified files and settings, you're ready to add USMT to the server that is running Microsoft Configuration Manager, or a non-Microsoft management technology. For more information, see [Manage user state in Configuration Manager](/configmgr/osd/get-started/manage-user-state). - +> [!NOTE] +> For testing purposes, you can create an uncompressed store using the `/hardlink /nocompress` option. When compression is disabled, the **ScanState** tool saves the files and settings to a hidden folder named **File** at `\USMT`. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the `/listfiles` command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration. -After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft Configuration Manager, or a non-Microsoft management technology. For more information, see [Manage user state in Configuration Manager](/configmgr/osd/get-started/manage-user-state). +## Related articles -**Note**   -For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration. +[Plan your migration](usmt-plan-your-migration.md) - - -## Related topics - - -[Plan Your Migration](usmt-plan-your-migration.md) - -[Log Files](usmt-log-files.md) +[Log files](usmt-log-files.md) diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index 8ebf33ae94..8af523d718 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md @@ -1,6 +1,6 @@ --- title: User State Migration Tool (USMT) Overview Topics (Windows 10) -description: Learn about User State Migration Tool (USMT) overview topics that describe USMT as a highly customizable user-profile migration experience for IT professionals. +description: Learn about User State Migration Tool (USMT) overview articles that describe USMT as a highly customizable user-profile migration experience for IT professionals. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,18 +11,20 @@ ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Overview Topics -The User State Migration Tool (USMT) 10.0 provides a highly customizable user-profile migration experience for IT professionals. USMT includes three command-line tools: ScanState.exe, LoadState.exe, and UsmtUtils.exe. USMT also includes a set of three modifiable .xml files: MigApp.xml, MigDocs.xml, and MigUser.xml. Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration. +# User State Migration Tool (USMT) overview topics -## In This Section +The User State Migration Tool (USMT) 10.0 provides a highly customizable user-profile migration experience for IT professionals. USMT includes three command-line tools: `ScanState.exe`, `LoadState.exe`, and `UsmtUtils.exe`. USMT also includes a set of three modifiable .xml files: `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`. Additionally, you can create custom .xml files to support your migration needs. You can also create a `Config.xml` file to specify files or settings to exclude from the migration. -|Topic |Description| +## In this section + +|Article |Description| |------|-----------| -|[User State Migration Tool (USMT) Overview](usmt-overview.md)|Describes the benefits and limitations of using USMT.| -|[Getting Started with the User State Migration Tool (USMT)](getting-started-with-the-user-state-migration-tool.md)|Describes the general process to follow to migrate files and settings, and provides links to more information.| -|[Windows Upgrade and Migration Considerations](../upgrade/windows-upgrade-and-migration-considerations.md)|Discusses the Microsoft® tools you can use to move files and settings between installations, as well as special considerations for performing an upgrade or migration.| +|[User State Migration Tool (USMT) overview](usmt-overview.md)|Describes the benefits and limitations of using USMT.| +|[Getting started with the User State Migration Tool (USMT)](getting-started-with-the-user-state-migration-tool.md)|Describes the general process to follow to migrate files and settings, and provides links to more information.| +|[Windows upgrade and migration considerations](../upgrade/windows-upgrade-and-migration-considerations.md)|Discusses the Microsoft® tools you can use to move files and settings between installations and special considerations for performing an upgrade or migration.| -## Related topics -- [User State Migration Tool (USMT) How-to topics](usmt-how-to.md) -- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) -- [User State Migration Toolkit (USMT) Reference](usmt-reference.md) +## Related articles + +- [User State Migration Tool (USMT) how-to topics](usmt-how-to.md) +- [User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) +- [User State Migration Toolkit (USMT) reference](usmt-reference.md) diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md index 5ab5ccc7ae..e215207ede 100644 --- a/windows/deployment/usmt/usmt-troubleshooting.md +++ b/windows/deployment/usmt/usmt-troubleshooting.md @@ -1,6 +1,6 @@ --- title: User State Migration Tool (USMT) Troubleshooting (Windows 10) -description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to assist in troubleshooting. +description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to help troubleshooting. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,11 +11,11 @@ ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Troubleshooting +# User State Migration Tool (USMT) troubleshooting -The following table describes topics that address common User State Migration Tool (USMT) 10.0 issues and questions. These topics describe tools that you can use to troubleshoot issues that arise during your migration. +The following table describes articles that address common User State Migration Tool (USMT) 10.0 issues and questions. These articles describe tools that you can use to troubleshoot issues that arise during your migration. -## In This Section +## In this section | Link | Description | |--- |--- | @@ -25,12 +25,12 @@ The following table describes topics that address common User State Migration To |[Return Codes](usmt-return-codes.md)|Learn how to use return codes to identify problems in USMT.| |[USMT Resources](usmt-resources.md)|Find more information and support for using USMT.| -## Related topics +## Related articles -[USMT Best Practices](usmt-best-practices.md) +[USMT best practices](usmt-best-practices.md) -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) +[User State Migration Tool (USMT) overview topics](usmt-topics.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) +[User State Migration Tool (USMT) how-to topics](usmt-how-to.md) -[User State Migration Toolkit (USMT) Reference](usmt-reference.md) +[User State Migration Toolkit (USMT) reference](usmt-reference.md) diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md index 35d372e00b..9568ca5337 100644 --- a/windows/deployment/usmt/usmt-utilities.md +++ b/windows/deployment/usmt/usmt-utilities.md @@ -1,6 +1,6 @@ --- title: UsmtUtils Syntax (Windows 10) -description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. +description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,97 +13,88 @@ ms.technology: itpro-deploy # UsmtUtils Syntax -This topic describes the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. These utilities: +This article describes the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. These utilities: -- Improve your ability to determine cryptographic options for your migration. +- Improve your ability to determine cryptographic options for your migration. -- Assist in removing hard-link stores that cannot otherwise be deleted due to a sharing lock. +- Help removing hard-link stores that can't otherwise be deleted due to a sharing lock. -- Verify whether the catalog file or any of the other files in the compressed migration store have become corrupted. +- Verify whether the catalog file or any of the other files in the compressed migration store have become corrupted. -- Extract files from the compressed migration store when you migrate files and settings to the destination computer. +- Extract files from the compressed migration store when you migrate files and settings to the destination computer. -## In This Topic +## UsmtUtils.exe -[Usmtutils.exe](#bkmk-usmtutils-exe) +The following table lists command-line options for `UsmtUtils.exe`. The sections that follow provide further command-line options for the `/verify` and the `/extract` options. -[Verify Options](#bkmk-verifyoptions) +The syntax for `UsmtUtils.exe` is: -[Extract Options](#bkmk-extractoptions) - -## Usmtutils.exe - -The following table lists command-line options for USMTutils.exe. The sections that follow provide further command-line options for the **/verify** and the **/extract** options. - -The syntax for UsmtUtils.exe is: - -usmtutils \[/ec | /rd *<storeDir>* | /verify *<filepath>* \[options\] | /extract *<filepath>* *<destinationPath>* \[options\]\] +> UsmtUtils.exe \[/ec | /rd *<storeDir>* | /verify *<filepath>* \[options\] | /extract *<filepath>* *<destinationPath>* \[options\]\] |Command-line Option|Description| |--- |--- | -|**/ec**|Returns a list of supported cryptographic algorithms (AlgIDs) on the current system. You can use this on a destination computer to determine which algorithm to use with the **/encrypt** command before you run the ScanState tool on the source computer.| -|**/rd** *<storeDir>* |Removes the directory path specified by the *<storeDir>* argument on the computer. You can use this command to delete hard-link migration stores that cannot otherwise be deleted at a command prompt due to a sharing lock. If the migration store spans multiple volumes on a given drive, it will be deleted from all of these volumes.

For example:
`usmtutils /rd D:\MyHardLinkStore`| -|**/y**|Overrides the accept deletions prompt when used with the **/rd** option. When you use the **/y** option with the **/rd** option, you will not be prompted to accept the deletions before USMT deletes the directories.| -|**/verify**|Returns information on whether the compressed migration store is intact or whether it contains corrupted files or a corrupted catalog.

See [Verify Options](#bkmk-verifyoptions) for syntax and options to use with **/verify**.| -|**/extract**|Recovers files from a compressed USMT migration store.

See [Extract Options](#bkmk-extractoptions) for syntax and options to use with **/extract**.| +|**/ec**|Returns a list of supported cryptographic algorithms (AlgIDs) on the current system. You can use this option on a destination computer to determine which algorithm to use with the `/encrypt` command before you run the **ScanState** tool on the source computer.| +|**/rd** *<storeDir>* |Removes the directory path specified by the *<storeDir>* argument on the computer. You can use this command to delete hard-link migration stores that can't otherwise be deleted at a command prompt due to a sharing lock. If the migration store spans multiple volumes on a given drive, it will be deleted from all of these volumes.

For example:
`UsmtUtils.exe /rd D:\MyHardLinkStore`| +|**/y**|Overrides the accept deletions prompt when used with the `/rd` option. When you use the `/y` option with the `/rd` option, you won't be prompted to accept the deletions before USMT deletes the directories.| +|**/verify**|Returns information on whether the compressed migration store is intact or whether it contains corrupted files or a corrupted catalog.

See [Verify options](#verify-options) for syntax and options to use with `/verify`.| +|**/extract**|Recovers files from a compressed USMT migration store.

See [Extract options](#extract-options) for syntax and options to use with `/extract`.| -## Verify Options +## Verify options -Use the **/verify** option when you want to determine whether a compressed migration store is intact or whether it contains corrupted files or a corrupted catalog. For more information on how to use the **/verify** option, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). +Use the `/verify` option when you want to determine whether a compressed migration store is intact or whether it contains corrupted files or a corrupted catalog. For more information on how to use the `/verify` option, see [Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md). -The syntax for **/verify** is: +The syntax for `/verify` is: -usmtutils /verify\[:*<reportType>*\] *<filePath>* \[/l:*<logfile>*\] \[/v:*VerbosityLevel*\] \[/decrypt \[:*<AlgID>*\] {/key:*<keystring>* | /keyfile:*<filename>*}\] +> UsmtUtils.exe /verify\[:*<reportType>*\] *<filePath>* \[/l:*<logfile>*\] \[/v:*VerbosityLevel*\] \[/decrypt \[:*<AlgID>*\] {/key:*<keystring>* | /keyfile:*<filename>*}\] | Command-line Option | Description | |-----|--------| -| *<reportType>* | Specifies whether to report on all files, corrupted files only, or the status of the catalog.
  • **Summary**. Returns both the number of files that are intact and the number of files that are corrupted in the migration store. If no algorithm is specified, the summary report is displayed as a default.
  • **all**. Returns a tab-delimited list of all of the files in the compressed migration store and the status for each file. Each line contains the file name followed by a tab spacing, and either “CORRUPTED” or “OK” depending on the status of the file. The last entry reports the corruption status of the "CATALOG" of the store. A catalog file contains metadata for all files in a migration store. The LoadState tool requires a valid catalog file in order to open the migration store. Returns "OK" if the catalog file is intact and LoadState can open the migration store and "CORRUPTED" if the migration store is corrupted.
  • **failureonly**. Returns a tab-delimited list of only the files that are corrupted in the compressed migration store.
  • **Catalog**. Returns only the status of the catalog file.
| +| *<reportType>* | Specifies whether to report on all files, corrupted files only, or the status of the catalog.
  • **Summary**. Returns both the number of files that are intact and the number of files that are corrupted in the migration store. If no algorithm is specified, the summary report is displayed as a default.
  • **all**. Returns a tab-delimited list of all of the files in the compressed migration store and the status for each file. Each line contains the file name followed by a tab spacing, and either **CORRUPTED** or **OK** depending on the status of the file. The last entry reports the corruption status of the **CATALOG** of the store. A catalog file contains metadata for all files in a migration store. The **LoadState** tool requires a valid catalog file in order to open the migration store. Returns "OK" if the catalog file is intact and **LoadState** can open the migration store and "CORRUPTED" if the migration store is corrupted.
  • **failureonly**. Returns a tab-delimited list of only the files that are corrupted in the compressed migration store.
  • **Catalog**. Returns only the status of the catalog file.
| | **/l:**
*<logfilePath>* | Specifies the location and name of the log file. | -| **/v:** *<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the UsmtUtils log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.
| -| **/decrypt** *<AlgID>* **/**:*<KeyString>*
or
**/decrypt** *<AlgID>* **/**:*<“Key String”>*
or
**/decrypt:** *<AlgID>* **/keyfile**:*<FileName>* | Specifies that the **/encrypt** option was used to create the migration store with the ScanState tool. To decrypt the migration store, specify a **/key** or **/keyfile** option as follows:
  • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
    *<AlgID>* valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
  • **/key:** *<KeyString>* specifies the encryption key. If there is a space in *<KeyString>*, you must surround the argument with quotation marks.
  • **/keyfile**: *<FileName>* specifies the location and name of a text (.txt) file that contains the encryption key.

For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md) | +| **/v:** *<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the **UsmtUtils** log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.
| +| **/decrypt** *<AlgID>* **/**:*<KeyString>*
or
**/decrypt** *<AlgID>* **/**:*<"Key String">*
or
**/decrypt:** *<AlgID>* **/keyfile**:*<FileName>* | Specifies that the `/encrypt` option was used to create the migration store with the **ScanState** tool. To decrypt the migration store, specify a `/key` or `/keyfile` option as follows:
  • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. If no algorithm is specified, **ScanState** and **UsmtUtils** use the 3DES algorithm as a default.
    *<AlgID>* valid values include: `AES_128`, `AES_192`, `AES_256`, `3DES`, or `3DES_112`.
  • `/key:` *<KeyString>* specifies the encryption key. If there's a space in *<KeyString>*, you must surround the argument with quotation marks.
  • `/keyfile`: *<FileName>* specifies the location and name of a text (.txt) file that contains the encryption key.

For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md) | -Some examples of **/verify** commands: +Some examples of `/verify` commands: -- `usmtutils /verify D:\MyMigrationStore\store.mig` +- `UsmtUtils.exe /verify D:\MyMigrationStore\store.mig` -- `usmtutils /verify:catalog D:\MyMigrationStore\store.mig` +- `UsmtUtils.exe /verify:catalog D:\MyMigrationStore\store.mig` -- `usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` +- `UsmtUtils.exe /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` -- `usmtutils /verify:failureonly D:\MyMigrationStore\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt` +- `UsmtUtils.exe /verify:failureonly D:\MyMigrationStore\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt` -## Extract Options +## Extract options +Use the `/extract` option to recover files from a compressed USMT migration store if it will not restore normally with **LoadState**. For more information on how to use the `/extract` option, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). -Use the **/extract** option to recover files from a compressed USMT migration store if it will not restore normally with loadstate. For more information on how to use the **/extract** option, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). +The syntax for `/extract` is: -The syntax for **/extract** is: - -/extract *<filePath>* *<destinationPath>* \[/i:*<includePattern>*\] \[/e: *<excludePattern>*\] \[/l: *<logfile>*\] \[/v: *VerbosityLevel>*\] \[/decrypt\[:*<AlgID>*\] {key: *<keystring>* | /keyfile: *<filename>*}\] \[/o\] +> /extract *<filePath>* *<destinationPath>* \[/i:*<includePattern>*\] \[/e: *<excludePattern>*\] \[/l: *<logfile>*\] \[/v: *VerbosityLevel>*\] \[/decrypt\[:*<AlgID>*\] {key: *<keystring>* | /keyfile: *<filename>*}\] \[/o\] | Command-line Option | Description | |-------|-----| | *<filePath>* | Path to the USMT migration store.

For example:
`D:\MyMigrationStore\USMT\store.mig` | | *<destinationPath>* | Path to the folder where the tool puts the individual files. | -| **/i**:*<includePattern>* | Specifies a pattern for files to include in the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use **/i**: *<includePattern>* and **/e**: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | -| **/e**:*<excludePattern>* | Specifies a pattern for files to omit from the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use **/i**: *<includePattern>* and **/e**: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | +| **/i**:*<includePattern>* | Specifies a pattern for files to include in the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use `/i`: *<includePattern>* and `/e`: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | +| **/e**:*<excludePattern>* | Specifies a pattern for files to omit from the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use `/i`: *<includePattern>* and `/e`: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | | **/l**:*<logfilePath>* | Specifies the location and name of the log file. | -| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the UsmtUtils log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.
| -| **/decrypt***<AlgID>***/key**:*<KeyString>*
or
**/decrypt***<AlgID>***/**:*<“Key String”>*
or
**/decrypt:***<AlgID>***/keyfile**:*<FileName>* | Specifies that the **/encrypt** option was used to create the migration store with the ScanState tool. To decrypt the migration store, you must also specify a **/key** or **/keyfile** option as follows:
  • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
    *<AlgID>* valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
  • **/key**: *<KeyString>* specifies the encryption key. If there is a space in *<KeyString>*, you must surround the argument with quotation marks.
  • **/keyfile**:*<FileName>* specifies a text (.txt) file that contains the encryption key

For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the **UsmtUtils** log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.
| +| **/decrypt***<AlgID>***/key**:*<KeyString>*
or
**/decrypt***<AlgID>***/**:*<"Key String">*
or
**/decrypt:***<AlgID>***/keyfile**:*<FileName>* | Specifies that the `/encrypt` option was used to create the migration store with the **ScanState** tool. To decrypt the migration store, you must also specify the `/key` or `/keyfile` option as follows:
  • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. If no algorithm is specified, **ScanState** and **UsmtUtils** use the 3DES algorithm as a default.
    *<AlgID>* valid values include: `AES_128`, `AES_192`, `AES_256`, `3DES`, or `3DES_112`.
  • `/key`: *<KeyString>* specifies the encryption key. If there's a space in *<KeyString>*, you must surround the argument with quotation marks.
  • `/keyfile`:*<FileName>* specifies a text (.txt) file that contains the encryption key

For more information about supported encryption algorithms, see [Migration store encryption](usmt-migration-store-encryption.md). | | **/o** | Overwrites existing output files. | -Some examples of **/extract** commands: +Some examples of `/extract` commands: -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore` -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt, *.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt, *.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt` -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtlog.txt` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtlog.txt` -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o` -## Related topics +## Related articles -[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) +[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md) -[Return Codes](usmt-return-codes.md) +[Return codes](usmt-return-codes.md) diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 3c518316f4..d6adda65de 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -1,6 +1,6 @@ --- title: What does USMT migrate (Windows 10) -description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. +description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,134 +13,149 @@ ms.technology: itpro-deploy # What does USMT migrate? -## Default migration scripts +## Default migration scripts -The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts: +The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts: -- **MigApp.XML.** Rules to migrate application settings. +- **MigApp.XML** - Rules to migrate application settings. -- **MigDocs.XML.** Rules that use the **MigXmlHelper.GenerateDocPatterns** helper function, which can be used to automatically find user documents on a computer without the need to author extensive custom migration .xml files. +- **MigDocs.XML** - Rules that use the **MigXmlHelper.GenerateDocPatterns** helper function, which can be used to automatically find user documents on a computer without the need to author extensive custom migration .xml files. -- **MigUser.XML.** Rules to migrate user profiles and user data. +- **MigUser.XML** - Rules to migrate user profiles and user data. - MigUser.xml gathers everything in a user’s profile and then does a file extension- based search of most of the system for other user data. If data doesn’t match either of these criteria, the data won’t be migrated. For the most part, this file describes a "core" migration. + `MigUser.xml` gathers everything in a user's profile and then does a file extension- based search of most of the system for other user data. If data doesn't match either of these criteria, the data won't be migrated. Usually, this file describes a core migration. - The following data does not migrate with MigUser.xml: + The following data doesn't migrate with `MigUser.xml`: - - Files outside the user profile that don’t match one of the file extensions in MigUser.xml. + - Files outside the user profile that don't match one of the file extensions in `MigUser.xml`. - Access control lists (ACLs) for folders outside the user profile. -## User data +## User data -This section describes the user data that USMT migrates by default, using the MigUser.xml file. It also defines how to migrate ACLs. +This section describes the user data that USMT migrates by default, using the `MigUser.xml` file. It also defines how to migrate access control lists (ACLs). -- **Folders from each user profile.** When you specify the MigUser.xml file, USMT migrates everything in a user’s profiles including the following: +- **Folders from each user profile.** When you specify the `MigUser.xml` file, USMT migrates everything in a user's profiles including the following items: - My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites. + - My Documents + + - My Video + + - My Music + + - My Pictures + + - Desktop files + + - Start menu + + - Quick Launch settings + + - Favorites > [!IMPORTANT] > Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-doesnt-migrate-the-start-layout). -- **Folders from the All Users and Public profiles.** When you specify the MigUser.xml file, USMT also migrates the following from the **All Users** profile in Windows® XP, or the **Public** profile in Windows Vista, Windows 7, or Windows 8: +- **Folders from the All Users and Public profiles.** When you specify the `MigUser.xml` file, USMT also migrates the following from the **Public** profile in Windows Vista, Windows 7, Windows 8, or Windows 10: - - Shared Documents + - Shared Documents - - Shared Video + - Shared Video - - Shared Music + - Shared Music - - Shared desktop files + - Shared desktop files - - Shared Pictures + - Shared Pictures - - Shared Start menu + - Shared Start menu - - Shared Favorites + - Shared Favorites -- **File types.** When you specify the MigUser.xml file, the ScanState tool searches the fixed drives, collects, and then migrates files with any of the following file extensions: +- **File types.** When you specify the `MigUser.xml` file, the **ScanState** tool searches the fixed drives, collects, and then migrates files with any of the following file extensions: - **.accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*.** + `.accdb`, `.ch3`, `.csv`, `.dif`, `.doc*`, `.dot*`, `.dqy`, `.iqy`, `.mcw`, `.mdb*`, `.mpp`, `.one*`, `.oqy`, `.or6`, `.pot*`, `.ppa`, `.pps*`, `.ppt*`, `.pre`, `.pst`, `.pub`, `.qdf`, `.qel`, `.qph`, `.qsd`, `.rqy`, `.rtf`, `.scd`, `.sh3`, `.slk`, `.txt`, `.vl*`, `.vsd`, `.wk*`, `.wpd`, `.wps`, `.wq1`, `.wri`, `.xl*`, `.xla`, `.xlb`, `.xls*` > [!NOTE] - > The asterisk (\*) stands for zero or more characters. + > The asterisk (`*`) stands for zero or more characters. -- **Access control lists.** USMT migrates ACLs for specified files and folders from computers running both Windows® XP and Windows Vista. For example, if you migrate a file named File1.txt that is read-only for User1 and read/write for User2, these settings will still apply on the destination computer after the migration. +- **Access control lists.** USMT migrates access control lists (ACLs) for specified files and folders from computers running both Windows® XP and Windows Vista. For example, if you migrate a file named `File1.txt` that is **read-only** for **User1** and **read/write** for **User2**, these settings will still apply on the destination computer after the migration. -> [!IMPORTANT] -> To migrate ACLs, you must specify the directory to migrate in the MigUser.xml file. Using file patterns like \*.doc will not migrate a directory. The source ACL information is migrated only when you explicitly specify the directory. For example, `c:\test docs`. + > [!IMPORTANT] + > To migrate ACLs, you must specify the directory to migrate in the MigUser.xml file. Using file patterns like \*.doc will not migrate a directory. The source ACL information is migrated only when you explicitly specify the directory. For example, `c:\test docs`. -## Operating-system components +## Operating-system components -USMT migrates operating-system components to a destination computer from computers running Windows 7 and Windows 8 +USMT migrates operating-system components to a destination computer from computers running Windows 7 and Windows 8 The following components are migrated by default using the manifest files: -- Accessibility settings +- Accessibility settings -- Address book +- Address book -- Command-prompt settings +- Command-prompt settings -- \*Desktop wallpaper +- Desktop wallpaper **¹** -- EFS files +- EFS files -- Favorites +- Favorites -- Folder options +- Folder options -- Fonts +- Fonts -- Group membership. USMT migrates users’ group settings. The groups to which a user belongs can be found by right-clicking **My Computer** on the Start menu and then selecting **Manage**. When running an offline migration, the use of a **<ProfileControl>** section in the Config.xml file is required. +- Group membership. USMT migrates users' group settings. The groups to which a user belongs can be found by right-clicking **My Computer** on the Start menu and then selecting **Manage**. When running an offline migration, the use of a **<ProfileControl>** section in the `Config.xml` file is required. -- \*Windows Internet Explorer® settings +- Windows Internet Explorer® settings **¹** -- Microsoft® Open Database Connectivity (ODBC) settings +- Microsoft® Open Database Connectivity (ODBC) settings -- Mouse and keyboard settings +- Mouse and keyboard settings -- Network drive mapping +- Network drive mapping -- \*Network printer mapping +- Network printer mapping **¹** -- \*Offline files +- Offline files **¹** -- \*Phone and modem options +- Phone and modem options **¹** -- RAS connection and phone book (.pbk) files +- RAS connection and phone book (.pbk) files -- \*Regional settings +- Regional settings **¹** -- Remote Access +- Remote Access -- \*Taskbar settings +- Taskbar settings **¹** -- User personal certificates (all) +- User personal certificates (all) -- Windows Mail. +- Windows Mail -- \*Windows Media Player +- Windows Media Player **¹** -- Windows Rights Management +- Windows Rights Management -\* These settings aren't available for an offline migration. For more information, see [Offline Migration Reference](offline-migration-reference.md). + **¹** These settings aren't available for an offline migration. For more information, see [Offline migration reference](offline-migration-reference.md). > [!IMPORTANT] > This list may not be complete. There may be additional components that are migrated. > [!NOTE] -> Some settings, such as fonts, aren't applied by the LoadState tool until after the destination computer has been restarted. For this reason, restart the destination computer after you run the LoadState tool. +> Some settings, such as fonts, aren't applied by the **LoadState** tool until after the destination computer has been restarted. For this reason, restart the destination computer after you run the **LoadState** tool. -## Supported applications +## Supported applications Even though it's not required for all applications, it's good practice to install all applications on the destination computer before restoring the user state. Installing applications before migrating settings helps to ensure that migrated settings aren't overwritten by the application installers. > [!NOTE] -> + > - The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. + > - USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate. -When you specify the MigApp.xml file, USMT migrates the settings for the following applications: +When you specify the `MigApp.xml` file, USMT migrates the settings for the following applications: |Product|Version| |--- |--- | @@ -156,7 +171,7 @@ When you specify the MigApp.xml file, USMT migrates the settings for the followi |Google Picasa|3| |Google Talk|beta| |IBM Lotus 1-2-3|9| -|IBM Lotus Notes|6,7, 8| +|IBM Lotus Notes|6, 7, 8| |IBM Lotus Organizer|5| |IBM Lotus WordPro|9.9| |Intuit Quicken Deluxe|2009| @@ -189,54 +204,52 @@ When you specify the MigApp.xml file, USMT migrates the settings for the followi |Yahoo Messenger|9| |Microsoft Zune™ Software|3| -## What USMT doesn't migrate +## What USMT doesn't migrate -The following is a list of the settings that USMT doesn't migrate. If you are having a problem that isn't listed here, see [Common Issues](usmt-common-issues.md). +The following items are settings that USMT doesn't migrate. If you're having a problem that isn't listed here, see [Common issues](usmt-common-issues.md). ### Application settings -USMT does not migrate the following application settings: +USMT doesn't migrate the following application settings: -- Settings from earlier versions of an application. The versions of each application must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. USMT can migrate from an earlier version of Microsoft Office to a later version. +- Settings from earlier versions of an application. The versions of each application must match on the source and destination computers. USMT doesn't support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. USMT can migrate from an earlier version of Microsoft Office to a later version. -- Application settings and some operating-system settings when a local account is created. For example, if you run /lac to create a local account on the destination computer, USMT will migrate the user data, but only some of the operating-system settings, such as wallpaper and screensaver settings, and no application settings will migrate. +- Application settings and some operating-system settings when a local account is created. For example, if you run `/lac` to create a local account on the destination computer, USMT will migrate the user data, but only some of the operating-system settings, such as wallpaper and screensaver settings, and no application settings will migrate. -- Microsoft Project settings, when migrating from Office 2003 to Office 2007 system. +- Microsoft Project settings, when migrating from Office 2003 to Office 2007 system. -- ICQ Pro settings, if ICQ Pro is installed in a different location on the destination computer. To successfully migrate the settings of ICQ Pro, you must install ICQ Pro in the same location on the destination computer as it was on the source computer. Otherwise, after you run the LoadState tool, the application won't start. You may encounter problems when: +- ICQ Pro settings, if ICQ Pro is installed in a different location on the destination computer. To successfully migrate the settings of ICQ Pro, you must install ICQ Pro in the same location on the destination computer as it was on the source computer. Otherwise, after you run the **LoadState** tool, the application won't start. You may encounter problems when: - - You change the default installation location on 32-bit destination computers. + - You change the default installation location on 32-bit destination computers. - - You attempt to migrate from a 32-bit computer to a 64-bit computer. This is because the ICQ Pro default installation directory is different on the two types of computers. When you install ICQ Pro on a 32-bit computer, the default location is "C:\\Program Files\\...". The ICQ Pro default installation directory on an x64-based computer, however, is “C:\\Program Files (x86)\\...”. + - You attempt to migrate from a 32-bit computer to a 64-bit computer. Attempting to migrate settings between different architectures doesn't work because the ICQ Pro default installation directory is different on the two types of computers. When you install ICQ Pro on a 32-bit computer, the default location is `C:\Program Files\...`. The ICQ Pro default installation directory on an x64-based computer, however, is `C:\Program Files (x86)\...`. ### Operating-System settings -USMT does not migrate the following operating-system settings. +USMT doesn't migrate the following operating-system settings. -- Local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable files. +- Local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable files. -- Permissions for shared folders. After migration, you must manually reshare any folders that were shared on the source computer. +- Permissions for shared folders. After migration, you must manually re-share any folders that were shared on the source computer. -- Files and settings migrating between operating systems with different languages. The operating system of the source computer must match the language of the operating system on the destination computer. +- Files and settings migrating between operating systems with different languages. The operating system of the source computer must match the language of the operating system on the destination computer. -- Customized icons for shortcuts may not migrate. +- Customized icons for shortcuts may not migrate. -- Taskbar settings, when the source computer is running Windows XP. +You should also note the following items: -You should also note the following: +- You should run USMT from an account with administrative credentials. Otherwise, some data won't migrate. When running the **ScanState** and **LoadState** tools, you must run the tools in Administrator mode from an account with administrative credentials. If you don't run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. -- You should run USMT from an account with administrative credentials. Otherwise, some data will not migrate. When running the ScanState and LoadState tools you must run the tools in Administrator mode from an account with administrative credentials. If you don't run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. In addition, you must run the ScanState tool on Windows XP from an account with administrative credentials. Otherwise, some operating-system settings will not migrate. To run in Administrator mode, select **Start**, **All Programs**, **Accessories**, right-click **Command Prompt**, and then select **Run as administrator**. - -- You can use the /**localonly** option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify /**localonly**, see [ScanState Syntax](usmt-scanstate-syntax.md). +- You can use the `/localonly` option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify `/localonly`, see [ScanState syntax](usmt-scanstate-syntax.md). ### Start menu layout -Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-doesnt-migrate-the-start-layout). +Starting in Windows 10, version 1607 the USMT doesn't migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-doesnt-migrate-the-start-layout). ### User profiles from Active Directory to Azure Active Directory USMT doesn't support migrating user profiles from Active Directory to Azure Active Directory. -## Related topics +## Related articles [Plan your migration](usmt-plan-your-migration.md) From dcb4956e1938d95a68a9317e9373b0a8e76dedb8 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Fri, 4 Nov 2022 15:19:03 -0400 Subject: [PATCH 021/108] Metadata update deployment/usmt 18 --- windows/deployment/usmt/usmt-scanstate-syntax.md | 4 ++-- windows/deployment/usmt/usmt-what-does-usmt-migrate.md | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index c1b45a18b9..4158cc7173 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -1,6 +1,6 @@ --- -title: **ScanState** Syntax (Windows 10) -description: The **ScanState** command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. +title: ScanState Syntax (Windows 10) +description: The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. ms.reviewer: manager: aaroncz ms.author: frankroj diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index d6adda65de..99de18e670 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -150,9 +150,7 @@ The following components are migrated by default using the manifest files: Even though it's not required for all applications, it's good practice to install all applications on the destination computer before restoring the user state. Installing applications before migrating settings helps to ensure that migrated settings aren't overwritten by the application installers. > [!NOTE] - > - The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. - > - USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate. When you specify the `MigApp.xml` file, USMT migrates the settings for the following applications: From 34b0f37930a9e95e31ccaaa420c04420f5d7ade3 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Fri, 4 Nov 2022 16:06:43 -0400 Subject: [PATCH 022/108] Metadata update deployment/usmt 19 --- .../usmt/usmt-what-does-usmt-migrate.md | 6 +- .../usmt/usmt-xml-elements-library.md | 595 ++++++++---------- 2 files changed, 283 insertions(+), 318 deletions(-) diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 99de18e670..b4964f369a 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -150,8 +150,10 @@ The following components are migrated by default using the manifest files: Even though it's not required for all applications, it's good practice to install all applications on the destination computer before restoring the user state. Installing applications before migrating settings helps to ensure that migrated settings aren't overwritten by the application installers. > [!NOTE] -> - The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. -> - USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate. +> The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. + +> [!NOTE] +> USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate. When you specify the `MigApp.xml` file, USMT migrates the settings for the following applications: diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index d9b9911c21..545e5e1860 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -15,21 +15,9 @@ ms.technology: itpro-deploy This topic describes the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). It is assumed that you understand the basics of XML. -## In this topic +In addition to XML elements and helper functions, this article describes how to specify encoded locations and locations patterns, functions that are for internal USMT use only, and the version tags that you can use with helper functions. -In addition to XML elements and helper functions, this topic describes how to specify encoded locations and locations patterns, functions that are for internal USMT use only, and the version tags that you can use with helper functions. - -- [Elements and helper functions](#elements) - -- [Appendix](#appendix) - - - [Specifying locations](#locations) - - - [Internal USMT functions](#internalusmtfunctions) - - - [Valid version tags](#allowed) - -## Elements and Helper Functions +## Elements and helper functions The following table describes the XML elements and helper functions you can use with USMT. @@ -37,17 +25,17 @@ The following table describes the XML elements and helper functions you can use |-----|----|-----| | [<addObjects>](#addobjects)
[<attributes>](#attribute)
[<bytes>](#bytes)
[<commandLine>](#commandline)
[<component>](#component)
[<condition>](#condition)
[<conditions>](#conditions)
[<content>](#content)
[<contentModify>](#contentmodify)
[<description>](#description)
[<destinationCleanup>](#destinationcleanup)
[<detect>](#detect)
[<detects>](#detects)
[<detection>](#detection)
[<displayName>](#displayname)
[<environment>](#bkmk-environment)
[<exclude>](#exclude)
[<excludeAttributes>](#excludeattributes)
[<extensions>](#extensions)
[<extension>](#extension)
[<externalProcess>](#externalprocess)
[<icon>](#icon)
[<include>](#include)
[<includeAttribute>](#includeattributes) | [<library>](#library)
[<location>](#location)
[<locationModify>](#locationmodify)
[<_locDefinition>](#locdefinition)
[<manufacturer>](#manufacturer)
[<merge>](#merge)
[<migration>](#migration)
[<namedElements>](#namedelements)
[<object>](#object)
[<objectSet>](#objectset)
[<path>](#path)
[<paths>](#paths)
[<pattern>](#pattern)
[<processing>](#processing)
[<plugin>](#plugin)
[<role>](#role)
[<rules>](#rules)
[<script>](#script)
[<text>](#text)
[<unconditionalExclude>](#unconditionalexclude)
[<variable>](#variable)
[<version>](#version)
[<windowsObjects>](#windowsobjects) | [<condition> functions](#conditionfunctions)
[<content> functions](#contentfunctions)
[<contentModify> functions](#contentmodifyfunctions)
[<include> and <exclude> filter functions](#persistfilterfunctions)
[<locationModify> functions](#locationmodifyfunctions)
[<merge> functions](#mergefunctions)
[<script> functions](#scriptfunctions)
[Internal USMT functions](#internalusmtfunctions) | -## <addObjects> +## <addObjects> The <addObjects> element emulates the existence of one or more objects on the source computer. The child <object> elements provide the details of the emulated objects. If the content is a <script> element, the result of the invocation will be an array of objects. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attribute) as child elements of this <object> element. +- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attribute) as child elements of this <object> element. -- **Optional child elements:**[<conditions>](#conditions), <condition>, [<script>](#script) +- **Optional child elements:** [<conditions>](#conditions), <condition>, [<script>](#script) Syntax: @@ -73,15 +61,15 @@ The following example is from the MigApp.xml file: ``` -## <attributes> +## <attributes> The <attributes> element defines the attributes for a registry key or file. -- **Number of occurrences:** once for each <object> +- **Number of occurrences:** once for each <object> -- **Parent elements:**[<object>](#object) +- **Parent elements:** [<object>](#object) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -103,15 +91,15 @@ The following example is from the MigApp.xml file: ``` -## <bytes> +## <bytes> You must specify the <bytes> element only for files because, if <location> corresponds to a registry key or a directory, then <bytes> will be ignored. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<object>](#object) +- **Parent elements:** [<object>](#object) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -135,16 +123,15 @@ The following example is from the MigApp.xml file: ``` -## <commandLine> - +## <commandLine> You might want to use the <commandLine> element if you want to start or stop a service or application before or after you run the ScanState and LoadState tools. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<externalProcess>](#externalprocess) +- **Parent elements:** [<externalProcess>](#externalprocess) -- **Child elements:** none**** +- **Child elements:** none**** Syntax: @@ -156,19 +143,19 @@ Syntax: |--- |--- |--- | |*CommandLineString*|Yes|A valid command line.| -## <component> +## <component> The <component> element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the MigApp.xml file, "Microsoft® Office 2003" is a component that contains another component, "Microsoft Office Access® 2003". You can use the child elements to define the component. A component can be nested inside another component; that is, the <component> element can be a child of the <role> element within the <component> element in two cases: 1) when the parent <component> element is a container or 2) if the child <component> element has the same role as the parent <component> element. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<migration>](#migration), [<role>](#role) +- **Parent elements:** [<migration>](#migration), [<role>](#role) -- **Required child elements:**[<role>](#role), [<displayName>](#displayname) +- **Required child elements:** [<role>](#role), [<displayName>](#displayname) -- **Optional child elements:**[<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#bkmk-environment), [<extensions>](#extensions) +- **Optional child elements:** [<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#bkmk-environment), [<extensions>](#extensions) Syntax: @@ -187,19 +174,19 @@ hidden="Yes|No"> For an example, see any of the default migration .xml files. -## <condition> +## <condition> Although the <condition> element under the <detect>, <objectSet>, and <addObjects> elements is supported, we recommend that you do not use it. This element might be deprecated in future versions of USMT, requiring you to rewrite your scripts. We recommend that, if you need to use a condition within the <objectSet> and <addObjects> elements, you use the more powerful [<conditions>](#conditions) element, which allows you to formulate complex Boolean statements. The <condition> element has a Boolean result. You can use this element to specify the conditions in which the parent element will be evaluated. If any of the present conditions return FALSE, the parent element will not be evaluated. -- **Number of occurrences:** unlimited. +- **Number of occurrences:** unlimited. -- **Parent elements:**[<conditions>](#conditions), <detect>, <objectSet>, <addObjects> +- **Parent elements:** [<conditions>](#conditions), <detect>, <objectSet>, <addObjects> -- **Child elements:** none +- **Child elements:** none -- **Helper functions:** You can use the following [<condition> functions](#conditionfunctions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. +- **Helper functions:** You can use the following [<condition> functions](#conditionfunctions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. Syntax: @@ -238,17 +225,17 @@ However, in the code sample below, the <condition> elements, A and B, are ``` -### <condition> functions +### <condition> functions The <condition> functions return a Boolean value. You can use these elements in <addObjects> conditions. -- [Operating system version functions](#operatingsystemfunctions) +- [Operating system version functions](#operating-system-version-functions) -- [Object content functions](#objectcontentfunctions) +- [Object content functions](#object-content-functions) -### Operating system version functions +### Operating system version functions -- **DoesOSMatch** +- **DoesOSMatch** All matches are case insensitive. @@ -265,11 +252,11 @@ The <condition> functions return a Boolean value. You can use these elemen MigXmlHelper.DoesOSMatch("NT","\*") ``` -- **IsNative64Bit** +- **IsNative64Bit** The IsNative64Bit function returns TRUE if the migration process is running as a native 64-bit process; that is, a process running on a 64-bit system without Windows on Windows (WOW). Otherwise, it returns FALSE. -- **IsOSLaterThan** +- **IsOSLaterThan** All comparisons are case insensitive. @@ -286,7 +273,7 @@ The <condition> functions return a Boolean value. You can use these elemen MigXmlHelper.IsOSLaterThan("NT","6.0") ``` -- **IsOSEarlierThan** +- **IsOSEarlierThan** All comparisons are case insensitive. @@ -297,8 +284,7 @@ The <condition> functions return a Boolean value. You can use these elemen |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and *OSType* is "9x" the result will be FALSE.| |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

The IsOSEarlierThan function returns TRUE if the current operating system is earlier than *OSVersion*.| - -### Object content functions +### Object content functions - **DoesObjectExist** @@ -436,15 +422,15 @@ The <condition> functions return a Boolean value. You can use these elemen |*ObjectType2*|Yes|Defines the type of the second object. Can be File or Registry.| |*EncodedLocation2*|Yes|The [encoded location](#locations) for the second object. You can specify environment variables.| -## <conditions> +## <conditions> The <conditions> element returns a Boolean result that is used to specify the conditions in which the parent element is evaluated. USMT evaluates the child elements, and then joins their results using the operators AND or OR according to the **operation** parameter. -- **Number of occurrences:** Unlimited inside another <conditions> element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) +- **Number of occurrences:** Unlimited inside another <conditions> element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) -- **Parent elements:**[<conditions>](#conditions), [<detection>](#detection), [<environment>](#bkmk-environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) +- **Parent elements:** [<conditions>](#conditions), [<detection>](#detection), [<environment>](#bkmk-environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) -- **Child elements:**[<conditions>](#conditions), [<condition>](#condition) +- **Child elements:** [<conditions>](#conditions), [<condition>](#condition) Syntax: @@ -470,17 +456,17 @@ The following example is from the MigApp.xml file: ``` -## <content> +## <content> You can use the <content> element to specify a list of object patterns to obtain an object set from the source computer. Each <objectSet> within a <content> element is evaluated. For each resulting object pattern list, the objects that match it are enumerated and their content is filtered by the filter parameter. The resulting string array is the output for the <content> element. The filter script returns an array of locations. The parent <objectSet> element can contain multiple child <content> elements. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<objectSet>](#objectset) +- **Parent elements:** [<objectSet>](#objectset) -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<content> functions](#contentfunctions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. +- **Helper functions:** You can use the following [<content> functions](#contentfunctions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. Syntax: @@ -493,11 +479,11 @@ Syntax: |--- |--- |--- | |filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script is called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| -### <content> functions +### <content> functions The following functions generate patterns out of the content of an object. These functions are called for every object that the parent <ObjectSet> element is enumerating. -- **ExtractSingleFile** +- **ExtractSingleFile** If the registry value is a MULTI-SZ, only the first segment is processed. The returned pattern is the encoded location for a file that must exist on the system. If the specification is correct in the registry value, but the file does not exist, this function returns NULL. @@ -520,7 +506,7 @@ The following functions generate patterns out of the content of an object. These ``` -- **ExtractMultipleFiles** +- **ExtractMultipleFiles** The ExtractMultipleFiles function returns multiple patterns, one for each file that is found in the content of the given registry value. If the registry value is a MULTI-SZ, the MULTI-SZ separator is considered a separator by default. therefore, for MULTI-SZ, the <Separators> argument must be NULL. @@ -533,7 +519,7 @@ The following functions generate patterns out of the content of an object. These |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. This parameter must be NULL when processing MULTI-SZ registry values.| |*PathHints*|Yes|A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.| -- **ExtractDirectory** +- **ExtractDirectory** The ExtractDirectory function returns a pattern that is the encoded location for a directory that must exist on the source computer. If the specification is correct in the registry value, but the directory does not exist, this function returns NULL. If it is processing a registry value that is a MULTI-SZ, only the first segment will be processed. @@ -557,17 +543,17 @@ The following functions generate patterns out of the content of an object. These ``` -## <contentModify> +## <contentModify> The <contentModify> element modifies the content of an object before it is written to the destination computer. For each <contentModify> element there can be multiple <objectSet> elements. This element returns the new content of the object that is being processed. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child elements:**[<objectSet>](#objectset) +- **Required child elements:** [<objectSet>](#objectset) -- **Helper functions**: You can use the following [<contentModify> functions](#contentmodifyfunctions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. +- **Helper functions**: You can use the following [<contentModify> functions](#contentmodifyfunctions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. Syntax: @@ -580,11 +566,11 @@ Syntax: |--- |--- |--- | |script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2").`

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| -### <contentModify> functions +### <contentModify> functions The following functions change the content of objects as they are migrated. These functions are called for every object that the parent <ObjectSet> element is enumerating. -- **ConvertToDWORD** +- **ConvertToDWORD** The ConvertToDWORD function converts the content of registry values that are enumerated by the parent <ObjectSet> element to a DWORD. For example, ConvertToDWORD will convert the string "1" to the DWORD 0x00000001. If the conversion fails, then the value of DefaultValueOnError will be applied. @@ -594,7 +580,7 @@ The following functions change the content of objects as they are migrated. Thes |--- |--- |--- | |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.| -- **ConvertToString** +- **ConvertToString** The ConvertToString function converts the content of registry values that match the parent <ObjectSet> element to a string. For example, it will convert the DWORD 0x00000001 to the string "1". If the conversion fails, then the value of DefaultValueOnError will be applied. @@ -614,13 +600,13 @@ The following functions change the content of objects as they are migrated. Thes ``` -- **ConvertToBinary** +- **ConvertToBinary** The ConvertToBinary function converts the content of registry values that match the parent <ObjectSet> element to a binary type. Syntax: `ConvertToBinary ()` -- **OffsetValue** +- **OffsetValue** The OffsetValue function adds or subtracts *Value* from the value of the migrated object, and then writes the result back into the registry value on the destination computer. For example, if the migrated object is a DWORD with a value of 14, and the *Value* is "-2", the registry value will be 12 on the destination computer. @@ -630,7 +616,7 @@ The following functions change the content of objects as they are migrated. Thes |--- |--- |--- | |*Value*|Yes|The string representation of a numeric value. It can be positive or negative. For example, `OffsetValue(2)`.| -- **SetValueByTable** +- **SetValueByTable** The SetValueByTable function matches the value from the source computer to the source table. If the value is there, the equivalent value in the destination table will be applied. If the value is not there, or if the destination table has no equivalent value, the *DefaultValueOnError* will be applied. @@ -642,7 +628,7 @@ The following functions change the content of objects as they are migrated. Thes |*DestinationTable*|No|A list of translated values separated by commas.| |*DefaultValueOnError*|No|The value that will be applied to the destination computer if either 1) the value for the source computer does not match *SourceTable*, or 2) *DestinationTable* has no equivalent value.

If DefaultValueOnError is NULL, the value will not be changed on the destination computer.| -- **KeepExisting** +- **KeepExisting** You can use the KeepExisting function when there are conflicts on the destination computer. This function will keep (not overwrite) the specified attributes for the object that is on the destination computer. @@ -652,7 +638,7 @@ The following functions change the content of objects as they are migrated. Thes |--- |--- |--- | | *OptionString* | Yes | *OptionString* can be **Security**, **TimeFields**, or **FileAttrib**:*Letter*. You can specify one of each type of *OptionStrings*. Do not specify multiple *OptionStrings* with the same value. If you do, the right-most option of that type will be kept. For example, do not specify **("FileAttrib:H", "FileAttrib:R")** because only Read-only will be evaluated. Instead specify **("FileAttrib:HR")** and both Hidden and Read-only attributes will be kept on the destination computer.
  • **Security**. Keeps the destination object's security descriptor if it exists.
  • **TimeFields**. Keeps the destination object's time stamps. This parameter is for files only.
  • **FileAttrib:** *Letter*. Keeps the destination object's attribute value, either On or OFF, for the specified set of file attributes. This parameter is for files only. The following are case-insensitive, but USMT will ignore any values that are invalid, repeated, or if there is a space after "FileAttrib:". You can specify any combination of the following attributes:
    • **A** = Archive
    • **C** = Compressed
    • **E** = Encrypted
    • **H** = Hidden
    • **I** = Not Content Indexed
    • **O** = Offline
    • **R** = Read-Only
    • **S** = System
    • **T** = Temporary
| -- **MergeMultiSzContent** +- **MergeMultiSzContent** The MergeMultiSzContent function merges the MULTI-SZ content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting MULTI-SZ. Duplicate elements will be removed. @@ -663,7 +649,7 @@ The following functions change the content of objects as they are migrated. Thes | *Instruction* | Yes | Can be one of the following:
  • **Add**. Adds the corresponding String to the resulting MULTI-SZ if it is not already there.
  • **Remove**. Removes the corresponding String from the resulting MULTI-SZ.
| | *String* | Yes | The string to be added or removed. | -- **MergeDelimitedContent** +- **MergeDelimitedContent** The MergeDelimitedContent function merges the content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. The content is considered a list of elements separated by one of the characters in the Delimiters parameter. Duplicate elements will be removed. @@ -675,15 +661,15 @@ The following functions change the content of objects as they are migrated. Thes | *Instruction* | Yes | Can one of the following:
  • **Add.** Adds *String* to the resulting MULTI-SZ if it is not already there.
  • **Remove.** Removes *String* from the resulting MULTI-SZ.
| | *String* | Yes | The string to be added or removed. | -## <description> +## <description> The <description> element defines a description for the component but does not affect the migration. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<component>](#component) +- **Parent elements:** [<component>](#component) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -701,22 +687,20 @@ The following code sample shows how the <description> element defines the My custom component ``` -## <destinationCleanup> +## <destinationCleanup> The <destinationCleanup> element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the LoadState tool is run on the destination computer. That is, this element is ignored by the ScanState tool. > [!IMPORTANT] > Use this option with extreme caution because it will delete objects from the destination computer. - - For each <destinationCleanup> element there can be multiple <objectSet> elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Child elements:**[<objectSet>](#objectset) (Note that the destination computer will delete all child elements.) +- **Child elements:** [<objectSet>](#objectset) (Note that the destination computer will delete all child elements.) Syntax: @@ -740,7 +724,7 @@ For example: ``` -## <detect> +## <detect> Although the <detect> element is still supported, we do not recommend using it because it may be deprecated in future versions of USMT. In that case, you would have to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection)**element.** @@ -748,13 +732,13 @@ You use the <detect> element to determine if the component is present on a For each <detect> element there can be multiple child <condition> or <objectSet> elements, which will be logically joined by an OR operator. If at least one <condition> or <objectSet> element evaluates to TRUE, then the <detect> element evaluates to TRUE. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:** <detects>, [<namedElements>](#namedelements) +- **Parent elements:** <detects>, [<namedElements>](#namedelements) -- **Required child elements:**[<condition>](#condition) +- **Required child elements:** [<condition>](#condition) -- **Optional child elements:**[<objectSet>](#objectset) +- **Optional child elements:** [<objectSet>](#objectset) Syntax: @@ -770,7 +754,7 @@ Syntax: For examples, see the examples for [<detection>](#detection). -## <detects> +## <detects> Although the <detects> element is still supported, we recommend that you do not use it because it may be deprecated in future versions of USMT, which would require you to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection) element if the parent element is <role> or <namedElements>, and we recommend that you use the <conditions> element if the parent element is <rules>. Using <detection> allows you to more clearly formulate complex Boolean statements. @@ -783,11 +767,11 @@ Syntax: ``` -- **Number of occurrences:** Unlimited. +- **Number of occurrences:** Unlimited. -- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) +- **Parent elements:** [<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) -- **Required child elements:** <detect> +- **Required child elements:** <detect> |Setting|Required?|Value| |--- |--- |--- | @@ -807,8 +791,7 @@ The following example is from the MigApp.xml file. ``` -## <detection> - +## <detection> The <detection> element is a container for one <conditions> element. The result of the child <condition> elements, located underneath the <conditions> element, determines the result of this element. For example, if all of the child <conditions> elements within the <detection> element resolve to TRUE, then the <detection> element resolves to TRUE. If any of the child <conditions> elements resolve to FALSE, then the <detection> element resolves to FALSE. @@ -816,11 +799,11 @@ In addition, the results from each <detection> section within the <role Use the <detection> element under the <namedElements> element if you do not want to write it within a component. Then include a matching <detection> section under the <role> element to control whether the component is migrated. If there is not a <detection> section for a component, then USMT will assume that the component is present. -- **Number of occurrences:** Unlimited. +- **Number of occurrences:** Unlimited. -- **Parent elements:**[<role>](#role), [<namedElements>](#namedelements) +- **Parent elements:** [<role>](#role), [<namedElements>](#namedelements) -- **Child elements:**[<conditions>](#conditions) +- **Child elements:** [<conditions>](#conditions) Syntax: @@ -857,16 +840,15 @@ and ``` -## <displayName> - +## <displayName> The <displayName> element is a required field within each <component> element. -- **Number of occurrences:** once for each component +- **Number of occurrences:** once for each component -- **Parent elements:**[<component>](#component) +- **Parent elements:** [<component>](#component) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -885,17 +867,17 @@ For example: Command Prompt settings ``` -## <environment> +## <environment> -The <environment> element is a container for <variable> elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#envex). +The <environment> element is a container for <variable> elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#examples). -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<role>](#role), [<component>](#component), [<namedElements>](#namedelements) +- **Parent elements:** [<role>](#role), [<component>](#component), [<namedElements>](#namedelements) -- **Required child elements:**[<variable>](#variable) +- **Required child elements:** [<variable>](#variable) -- **Optional child elements:**[conditions](#conditions) +- **Optional child elements:** [conditions](#conditions) Syntax: @@ -909,7 +891,7 @@ Syntax: | name | Yes, when <environment> is a child of <namedElements>
No, when <environment> is a child of <role> or <component> | When declared as a child of the <role> or <component> elements, if *ID* is declared, USMT ignores the content of the <environment> element and the content of the <environment> element with the same name declared in the <namedElements> element is processed. | | context | No
(default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though <rules> were not there.
  • **User.** Evaluates the variables for each user.
  • **System.** Evaluates the variables only once for the system.
  • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.
| -## +## Examples ### Example scenario 1 @@ -989,18 +971,17 @@ Then, you can specify the variable in an <include> rule as follows: ``` -## <exclude> - +## <exclude> The <exclude> element determines what objects will not be migrated, unless there is a more specific <include> element that migrates an object. If there is an <include> and <exclude> element for the same object, the object will be included. For each <exclude> element there can be multiple child <objectSet> elements. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<exclude> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. +- **Helper functions:** You can use the following [<exclude> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. Syntax: @@ -1013,7 +994,6 @@ Syntax: |--- |--- |--- | |filter|No
(default = No)|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| - For example, from the MigUser.xml file: ```xml @@ -1026,16 +1006,15 @@ For example, from the MigUser.xml file: ``` -## <excludeAttributes> - +## <excludeAttributes> You can use the <excludeAttributes> element to determine which parameters associated with an object will not be migrated. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern determines the patterns that will not be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) Syntax: @@ -1099,16 +1078,15 @@ Example: ``` -## <extensions> - +## <extensions> The <extensions> element is a container for one or more <extension> elements. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<component>](#component) +- **Parent elements:** [<component>](#component) -- **Required child elements:**[<extension>](#extension) +- **Required child elements:** [<extension>](#extension) Syntax: @@ -1117,16 +1095,15 @@ Syntax: ``` -## <extension> - +## <extension> You can use the <extension> element to specify documents of a specific extension. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<extensions>](#extensions) +- **Parent elements:** [<extensions>](#extensions) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -1158,16 +1135,15 @@ is the same as specifying the following code below the <rules> element: For another example of how to use the <extension> element, see the example for [<excludeAttributes>](#excludeattributes). -## <externalProcess> - +## <externalProcess> You can use the <externalProcess> element to run a command line during the migration process. For example, you may want to run a command after the LoadState process completes. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child elements:**[<commandLine>](#commandline) +- **Required child elements:** [<commandLine>](#commandline) Syntax: @@ -1182,21 +1158,21 @@ Syntax: For an example of how to use the <externalProcess> element, see the example for [<excludeAttributes>](#excludeattributes). -## <icon> +## <icon> This is an internal USMT element. Do not use this element. -## <include> +## <include> The <include> element determines what to migrate, unless there is a more specific [<exclude>](#exclude) rule. You can specify a script to be more specific to extend the definition of what you want to collect. For each <include> element there can be multiple <objectSet> elements. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<objectSet>](#objectset) +- **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<include> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. +- **Helper functions:** You can use the following [<include> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. Syntax: @@ -1239,17 +1215,17 @@ The following example is from the MigUser.xml file: ``` -### <include> and <exclude> filter functions +### <include> and <exclude> filter functions The following functions return a Boolean value. You can use them to migrate certain objects based on when certain conditions are met. -- **AnswerNo** +- **AnswerNo** This filter always returns FALSE. Syntax: `AnswerNo ()` -- **CompareStringContent** +- **CompareStringContent** Syntax: `CompareStringContent("StringContent","CompareType")` @@ -1258,7 +1234,7 @@ The following functions return a Boolean value. You can use them to migrate cert | *StringContent* | Yes | The string to check against. | | *CompareType* | Yes | A string. Use one of the following values:
  • **Equal** (case insensitive). The function returns TRUE if the string representation of the current object that is processed by the migration engine is identical to `StringContent`.
  • **NULL** **or any other value**. The function returns TRUE if the string representation of the current object that is processed by the migration engine does not match `StringContent`.
| -- **IgnoreIrrelevantLinks** +- **IgnoreIrrelevantLinks** This filter screens out the .lnk files that point to an object that is not valid on the destination computer. Note that the screening takes place on the destination computer, so all .lnk files will be saved to the store during ScanState. Then they will be screened out when you run the LoadState tool. @@ -1274,7 +1250,7 @@ The following functions return a Boolean value. You can use them to migrate cert ``` -- **NeverRestore** +- **NeverRestore** You can use this function to collect the specified objects from the source computer but then not migrate the objects to the destination computer. When run with the ScanState tool, this function evaluates to TRUE. When run with the LoadState tool, this function evaluates to FALSE. You may want to use this function when you want to check an object's value on the destination computer but do not intend to migrate the object to the destination. @@ -1290,16 +1266,15 @@ The following functions return a Boolean value. You can use them to migrate cert ``` -## <includeAttributes> - +## <includeAttributes> You can use the <includeAttributes> element to determine whether certain parameters associated with an object will be migrated along with the object itself. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern will determine which parameters will be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) Syntax: @@ -1314,19 +1289,19 @@ Syntax: For an example of how to use the <includeAttributes> element, see the example for [<excludeAttributes>](#excludeattributes). -## <library> +## <library> This is an internal USMT element. Do not use this element. -## <location> +## <location> The <location> element defines the location of the <object> element. -- **Number of occurrences:** once for each <object> +- **Number of occurrences:** once for each <object> -- **Parent elements:**[<object>](#object) +- **Parent elements:** [<object>](#object) -- **Child elements:**[<script>](#script) +- **Child elements:** [<script>](#script) Syntax: @@ -1356,17 +1331,17 @@ The following example is from the MigApp.xml file: ``` -## <locationModify> +## <locationModify> You can use the <locationModify> element to change the location and name of an object before it is migrated to the destination computer. The <locationModify> element is processed only when the LoadState tool is run on the destination computer. In other words, this element is ignored by the ScanState tool. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<objectSet>](#objectset) +- **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<locationModify> functions](#locationmodifyfunctions) with this element: ExactMove, RelativeMove, and Move. +- **Helper functions:** You can use the following [<locationModify> functions](#locationmodifyfunctions) with this element: ExactMove, RelativeMove, and Move. Syntax: @@ -1389,7 +1364,7 @@ The following example is from the MigApp.xml file: ``` -### <locationModify> functions +### <locationModify> functions The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent <ObjectSet> element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. @@ -1413,7 +1388,7 @@ The following functions change the location of objects as they are migrated when ``` -- **Move** +- **Move** The Move function moves objects to a different location on the destination computer. In addition, this function creates subdirectories that were above the longest CSIDL in the source object name. @@ -1423,7 +1398,7 @@ The following functions change the location of objects as they are migrated when |--- |--- |--- | |*DestinationRoot*|Yes|The location where the source objects will be moved. If needed, this function will create any subdirectories that were above the longest CSIDL in the source object name.| -- **RelativeMove** +- **RelativeMove** You can use the RelativeMove function to collect and move data. Note that you can use environment variables in source and destination roots, but they may be defined differently on the source and destination computers. @@ -1449,21 +1424,19 @@ For example: ``` -## <\_locDefinition> - +## <\_locDefinition> This is an internal USMT element. Do not use this element. -## <manufacturer> - +## <manufacturer> The <manufacturer> element defines the manufacturer for the component, but does not affect the migration. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<component>](#component) +- **Parent elements:** [<component>](#component) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -1475,19 +1448,19 @@ Syntax: |--- |--- |--- | |*Name*|Yes|The name of the manufacturer for the component.| -## <merge> +## <merge> The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify <include> rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule C:\\\* \[\*\] set to <sourcePriority> and a <merge> rule C:\\subfolder\\\* \[\*\] set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. For an example of this element, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<objectSet>](#objectset) +- **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<merge> functions](#mergefunctions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). +- **Helper functions:** You can use the following [<merge> functions](#mergefunctions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). Syntax: @@ -1517,11 +1490,11 @@ The following example is from the MigUser.xml file: ``` -### <merge> functions +### <merge> functions These functions control how collisions are resolved. -- **DestinationPriority** +- **DestinationPriority** Specifies to keep the object that is on the destination computer and not migrate the object from the source computer. @@ -1537,7 +1510,7 @@ These functions control how collisions are resolved. ``` -- **FindFilePlaceByPattern** +- **FindFilePlaceByPattern** The FindFilePlaceByPattern function saves files with an incrementing counter when a collision occurs. It is a string that contains one of each constructs: <F>, <E>, <N> in any order. @@ -1547,7 +1520,7 @@ These functions control how collisions are resolved. |--- |--- |--- | | *FilePattern* | Yes |
  • **<F>** will be replaced by the original file name.
  • **<N>** will be replaced by an incrementing counter until there is no collision with the objects on the destination computer.
  • **<E>** will be replaced by the original file name extension.

For example, ` ().` will change the source file MyDocument.doc into MyDocument (1).doc on the destination computer. | -- **NewestVersion** +- **NewestVersion** The NewestVersion function will resolve conflicts on the destination computer based on the version of the file. @@ -1557,15 +1530,15 @@ These functions control how collisions are resolved. |--- |--- |--- | |*VersionTag*|Yes|The version field that will be checked. This can be "FileVersion" or "ProductVersion". The file with the highest *VersionTag* version determines which conflicts will be resolved based on the file's version. For example, if Myfile.txt contains FileVersion 1 and the same file on the destination computer contains FileVersion 2, the file on destination will remain.| -- **HigherValue()** +- **HigherValue()** You can use this function for merging registry values. The registry values will be evaluated as numeric values, and the one with the higher value will determine which registry values will be merged. -- **LowerValue()** +- **LowerValue()** You can use this function for merging registry values. The registry values will be evaluated as numeric values and the one with the lower value will determine which registry values will be merged. -- **SourcePriority** +- **SourcePriority** Specifies to migrate the object from the source computer, and to delete the object that is on the destination computer. @@ -1581,17 +1554,17 @@ These functions control how collisions are resolved. ``` -## <migration> +## <migration> The <migration> element is the single root element of a migration .xml file and is required. Each .xml file must have a unique migration urlid. The urlid of each file that you specify on the command line must be unique. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following at the beginning of each file: <CustomFileName> is the name of the file; for example, "CustomApp". -- **Number of occurrences:** one +- **Number of occurrences:** one -- **Parent elements:** none +- **Parent elements:** none -- **Required child elements:**[<component>](#component) +- **Required child elements:** [<component>](#component) -- **Optional child elements:**[<library>](#library), [<namedElements>](#namedelements) +- **Optional child elements:** [<library>](#library), [<namedElements>](#namedelements) Syntax: @@ -1638,7 +1611,7 @@ This filter helper function can be used to filter the migration of files based o ``` -## <namedElements> +## <namedElements> You can use the **<namedElements>** element to define named elements. You can use these elements in any component throughout your .xml file. For an example of how to use this element, see the MigApp.xml file. @@ -1649,25 +1622,25 @@ Syntax: ``` -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<migration>](#migration) +- **Parent elements:** [<migration>](#migration) -- **Child elements:**[<environment>](#bkmk-environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect> +- **Child elements:** [<environment>](#bkmk-environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect> For an example of this element, see the MigApp.xml file. -## <object> +## <object> The <object> element represents a file or registry key. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<addObjects>](#addobjects) +- **Parent elements:** [<addObjects>](#addobjects) -- **Required child elements:**[<location>](#location), [<attributes>](#attribute) +- **Required child elements:** [<location>](#location), [<attributes>](#attribute) -- **Optional child elements:**[<bytes>](#bytes) +- **Optional child elements:** [<bytes>](#bytes) Syntax: @@ -1693,18 +1666,17 @@ The following example is from the MigApp.xml file: ``` -## <objectSet> - +## <objectSet> The <objectSet> element contains a list of object patterns ; for example, file paths, registry locations, and so on. Any child <conditions> elements will be evaluated first. If all child <conditions> elements return FALSE, the <objectSet> element will evaluate to an empty set. For each parent element, there can be only multiple <objectSet> elements. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), <detect> +- **Parent elements:** [<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), <detect> -- **Required child elements:** either [<script>](#script) or [<pattern>](#pattern) +- **Required child elements:** either [<script>](#script) or [<pattern>](#pattern) -- **Optional child elements:**[<content>](#content), [conditions](#conditions), <condition> +- **Optional child elements:** [<content>](#content), [conditions](#conditions), <condition> Syntax: @@ -1743,19 +1715,16 @@ The following example is from the MigUser.xml file: ``` -## <path> - +## <path> This is an internal USMT element. Do not use this element. -## <paths> - +## <paths> This is an internal USMT element. Do not use this element. ## <pattern> - You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each <objectSet> element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: ```xml @@ -1763,11 +1732,11 @@ You can use this element to specify multiple objects. You can specify multiple & ``` -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<objectSet>](#objectset) +- **Parent elements:** [<objectSet>](#objectset) -- **Child elements:** none but *Path* \[*object*\] must be valid. +- **Child elements:** none but *Path* \[*object*\] must be valid. Syntax: @@ -1782,45 +1751,45 @@ Syntax: For example: -- To migrate a single registry key: +- To migrate a single registry key: ```xml HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] ``` -- To migrate the EngineeringDrafts folder and any subfolders from the C: drive: +- To migrate the EngineeringDrafts folder and any subfolders from the C: drive: ```xml C:\EngineeringDrafts\* [*] ``` -- To migrate only the EngineeringDrafts folder, excluding any subfolders, from the C: drive: +- To migrate only the EngineeringDrafts folder, excluding any subfolders, from the C: drive: [Reroute Files and Settings](usmt-reroute-files-and-settings.md) -- To migrate the Sample.doc file from C:\\EngineeringDrafts: +- To migrate the Sample.doc file from C:\\EngineeringDrafts: ```xml C:\EngineeringDrafts\ [Sample.doc] ``` -- To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. +- To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. ```xml C:\* [Sample.doc] ``` -- For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), [Include Files and Settings](usmt-include-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). +- For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), [Include Files and Settings](usmt-include-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). -## <processing> +## <processing> You can use this element to run a script during a specific point within the migration process. Return values are not expected from the scripts that you specify, and if there are return values, they will be ignored. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<script>](#script) +- **Required child element:** [<script>](#script) Syntax: @@ -1833,21 +1802,21 @@ Syntax: |--- |--- |--- | | when | Yes | Indicates when the script should be run. This value can be one of the following:
  • **pre-scan** means before the scanning process begins.
  • **scan-success** means after the scanning process has finished successfully.
  • **post-scan** means after the scanning process has finished, whether it was successful or not.
  • **pre-apply** means before the apply process begins.
  • **apply-success** means after the apply process has finished successfully.
  • **post-apply** means after the apply process has finished, whether it was successful or not.
| -## <plugin> +## <plugin> This is an internal USMT element. Do not use this element. -## <role> +## <role> The <role> element is required in a custom .xml file. By specifying the <role> element, you can create a concrete component. The component will be defined by the parameters specified at the <component> level, and with the role that you specify here. -- **Number of occurrences:** Each <component> can have one, two or three child <role> elements. +- **Number of occurrences:** Each <component> can have one, two or three child <role> elements. -- **Parent elements:**[<component>](#component), [<role>](#role) +- **Parent elements:** [<component>](#component), [<role>](#role) -- **Required child elements:**[<rules>](#rules) +- **Required child elements:** [<rules>](#rules) -- **Optional child elements:**[<environment>](#bkmk-environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, +- **Optional child elements:** [<environment>](#bkmk-environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, Syntax: @@ -1891,18 +1860,17 @@ The following example is from the MigUser.xml file. For more examples, see the M ``` -## <rules> - +## <rules> The <rules> element is required in a custom .xml file. This element contains rules that will run during the migration if the parent <component> element is selected, unless the child <conditions> element, if present, evaluates to FALSE. For each <rules> element there can be multiple child <rules> elements. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) +- **Parent elements:** [<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) -- **Required child elements:**[<include>](#include) +- **Required child elements:** [<include>](#include) -- **Optional child elements:**[<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), <detects> +- **Optional child elements:** [<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), <detects> Syntax: @@ -1946,40 +1914,39 @@ The following example is from the MigUser.xml file: ``` -## <script> - +## <script> The return value that is required by <script> depends on the parent element. **Number of occurrences:** Once for [<variable>](#variable), unlimited for [<objectSet>](#objectset) and [<processing>](#processing) -**Parent elements:**[<objectSet>](#objectset), [<variable>](#variable), [<processing>](#processing) +**Parent elements:** [<objectSet>](#objectset), [<variable>](#variable), [<processing>](#processing) **Child elements:** none **Syntax and helper functions:** -- General Syntax: `` +- General Syntax: `` -- You can use [GetStringContent](#scriptfunctions) when <script> is within <variable>. +- You can use [GetStringContent](#scriptfunctions) when <script> is within <variable>. Syntax: `` Example: `` -- You can use [GenerateUserPatterns](#scriptfunctions) when <script> is within <objectSet>. +- You can use [GenerateUserPatterns](#scriptfunctions) when <script> is within <objectSet>. Syntax: `` Example: `` -- You can use [GenerateDrivePatterns](#scriptfunctions) when <script> is within <objectSet>. +- You can use [GenerateDrivePatterns](#scriptfunctions) when <script> is within <objectSet>. Syntax: `` Example: `` -- You can use the [Simple executing scripts](#scriptfunctions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. +- You can use the [Simple executing scripts](#scriptfunctions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. Syntax: `` @@ -1999,19 +1966,19 @@ To migrate the Sample.doc file from any drive on the source computer, use <sc For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). -### <script> functions +### <script> functions You can use the following functions with the <script> element -- [String and pattern generating functions](#stringgeneratingfunctions) +- [String and pattern generating functions](#stringgeneratingfunctions) -- [Simple executing scripts](#simple) +- [Simple executing scripts](#simple) -### String and pattern generating functions +### String and pattern generating functions These functions return either a string or a pattern. -- **GetStringContent** +- **GetStringContent** You can use GetStringContent with <script> elements that are within <variable> elements. If possible, this function returns the string representation of the given object. Otherwise, it returns NULL. For file objects this function always returns NULL. @@ -2048,11 +2015,11 @@ These functions return either a string or a pattern. The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is FALSE, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: - - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" + - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" - - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" + - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" - - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" + - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" Syntax: `GenerateUserPatterns("ObjectType","EncodedLocationPattern","ProcessCurrentUser")` @@ -2126,11 +2093,11 @@ This helper function invokes the document finder to scan the system for all file ``` -### Simple executing scripts +### Simple executing scripts The following scripts have no return value. You can use the following errors with <script> elements that are within <processing> elements -- **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: +- **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: ```xml @@ -2138,9 +2105,9 @@ The following scripts have no return value. You can use the following errors wit ``` -- **ConvertToShortFileName(RegistryEncodedLocation)**. If *RegistryEncodedLocation* is the full path of an existing file, this function will convert the file to its short file name and then it will update the registry value. +- **ConvertToShortFileName(RegistryEncodedLocation)**. If *RegistryEncodedLocation* is the full path of an existing file, this function will convert the file to its short file name and then it will update the registry value. -- **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example: +- **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example: ```xml @@ -2148,7 +2115,7 @@ The following scripts have no return value. You can use the following errors wit ``` -- **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example: +- **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example: ```xml @@ -2156,9 +2123,9 @@ The following scripts have no return value. You can use the following errors wit ``` -- **RemoveEmptyDirectories (DirectoryEncodedPattern).** Deletes any empty directories that match *DirectoryEncodedPattern* on the destination computer. +- **RemoveEmptyDirectories (DirectoryEncodedPattern).** Deletes any empty directories that match *DirectoryEncodedPattern* on the destination computer. -- **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example: +- **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example: ```xml @@ -2166,22 +2133,21 @@ The following scripts have no return value. You can use the following errors wit ``` -- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](/windows/win32/api/winsvc/nf-winsvc-startservicea). +- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](/windows/win32/api/winsvc/nf-winsvc-startservicea). -- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. +- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. -- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry (HKLM\\System\\CurrentControlSet\\Services\\ServiceShortName \[Start\]) after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. - -## <text> +- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry (HKLM\\System\\CurrentControlSet\\Services\\ServiceShortName \[Start\]) after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. +## <text> You can use the <text> element to set a value for any environment variables that are inside one of the migration .xml files. -- **Number of occurrences:** Once in each [<variable>](#variable) element. +- **Number of occurrences:** Once in each [<variable>](#variable) element. -- **Parent elements:**[<variable>](#variable) +- **Parent elements:** [<variable>](#variable) -- **Child elements:** None. +- **Child elements:** None. Syntax: @@ -2201,18 +2167,17 @@ For example: ``` -## <unconditionalExclude> - +## <unconditionalExclude> The <unconditionalExclude> element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the Config.xml file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit <include> rules to include .mp3 files, if you specify to exclude them with this option, then they will not be migrated. Use this element if you want to exclude all .mp3 files from the source computer. Or, if you are backing up C:\\UserData using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. -- **Number of occurrences:** Unlimited. +- **Number of occurrences:** Unlimited. -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) Syntax: @@ -2239,8 +2204,7 @@ The following .xml file excludes all .mp3 files from migration. For additional e ``` -## <variable> - +## <variable> The <variable> element is required in an <environment> element. For each <variable> element there must be one <objectSet>, <script>, or <text> element. The content of the <variable> element assigns a text value to the environment variable. This element has the following three options: @@ -2250,11 +2214,11 @@ The <variable> element is required in an <environment> element. For 3. If the <variable> element contains an <objectSet> element and the evaluation of the <objectSet> element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<environment>](#bkmk-environment) +- **Parent elements:** [<environment>](#bkmk-environment) -- **Required child elements:** either [<text>](#text), or [<script>](#script), or [<objectSet>](#objectset) +- **Required child elements:** either [<text>](#text), or [<script>](#script), or [<objectSet>](#objectset) Syntax: @@ -2281,16 +2245,15 @@ The following example is from the MigApp.xml file: ``` -## <version> - +## <version> The <version> element defines the version for the component, but does not affect the migration. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<component>](#component) +- **Parent elements:** [<component>](#component) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -2308,80 +2271,80 @@ For example: 4.* ``` -## <windowsObjects> +## <windowsObjects> The <windowsObjects> element is for USMT internal use only. Do not use this element. ## Appendix -### Specifying locations +### Specifying locations -- **Specifying encoded locations**. The encoded location used in all of the helper functions is an unambiguous string representation for the name of an object. It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. +- **Specifying encoded locations**. The encoded location used in all of the helper functions is an unambiguous string representation for the name of an object. It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. For example, specify the file C:\\Windows\\Notepad.exe like this: `c:\Windows[Notepad.exe]`. Similarly, specify the directory C:\\Windows\\System32 like this: `c:\Windows\System32`. (Notice the absence of the \[\] construct.) Representing the registry is very similar. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key will be `HKLM\SOFTWARE\MyKey[]`. -- **Specifying location patterns**. You specify a location pattern in a way that is similar to how you specify an actual location. The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. +- **Specifying location patterns**. You specify a location pattern in a way that is similar to how you specify an actual location. The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. For example, the pattern `c:\Windows\*` will match the Windows directory and all subdirectories. But it will not match any of the files in those directories. To match the files as well, you must specify `c:\Windows\*[*]`. -### Internal USMT functions +### Internal USMT functions The following functions are for internal USMT use only. Do not use them in an .xml file. -- AntiAlias +- AntiAlias -- ConvertScreenSaver +- ConvertScreenSaver -- ConvertShowIEOnDesktop +- ConvertShowIEOnDesktop -- ConvertToOfficeLangID +- ConvertToOfficeLangID -- MigrateActiveDesktop +- MigrateActiveDesktop -- MigrateAppearanceUPM +- MigrateAppearanceUPM -- MigrateDisplayCS +- MigrateDisplayCS -- MigrateDisplaySS +- MigrateDisplaySS -- MigrateIEAutoSearch +- MigrateIEAutoSearch -- MigrateMouseUPM +- MigrateMouseUPM -- MigrateSoundSysTray +- MigrateSoundSysTray -- MigrateTaskBarSS +- MigrateTaskBarSS -- SetPstPathInMapiStruc +- SetPstPathInMapiStruc -### Valid version tags +### Valid version tags You can use the following version tags with various helper functions: -- "CompanyName" +- "CompanyName" -- "FileDescription" +- "FileDescription" -- "FileVersion" +- "FileVersion" -- "InternalName" +- "InternalName" -- "LegalCopyright" +- "LegalCopyright" -- "OriginalFilename" +- "OriginalFilename" -- "ProductName" +- "ProductName" -- "ProductVersion" +- "ProductVersion" The following version tags contain values that can be compared: -- "FileVersion" +- "FileVersion" -- "ProductVersion" +- "ProductVersion" -## Related topics +## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) From 59fb1643f00645c2f766382cb3fe6125d3b08531 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Fri, 4 Nov 2022 16:42:56 -0400 Subject: [PATCH 023/108] Metadata update deployment/usmt 20 --- .../usmt/usmt-xml-elements-library.md | 70 +++++++++---------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 545e5e1860..941dba8274 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -23,7 +23,7 @@ The following table describes the XML elements and helper functions you can use | Elements A-K | Elements L-Z | Helper functions | |-----|----|-----| -| [<addObjects>](#addobjects)
[<attributes>](#attribute)
[<bytes>](#bytes)
[<commandLine>](#commandline)
[<component>](#component)
[<condition>](#condition)
[<conditions>](#conditions)
[<content>](#content)
[<contentModify>](#contentmodify)
[<description>](#description)
[<destinationCleanup>](#destinationcleanup)
[<detect>](#detect)
[<detects>](#detects)
[<detection>](#detection)
[<displayName>](#displayname)
[<environment>](#bkmk-environment)
[<exclude>](#exclude)
[<excludeAttributes>](#excludeattributes)
[<extensions>](#extensions)
[<extension>](#extension)
[<externalProcess>](#externalprocess)
[<icon>](#icon)
[<include>](#include)
[<includeAttribute>](#includeattributes) | [<library>](#library)
[<location>](#location)
[<locationModify>](#locationmodify)
[<_locDefinition>](#locdefinition)
[<manufacturer>](#manufacturer)
[<merge>](#merge)
[<migration>](#migration)
[<namedElements>](#namedelements)
[<object>](#object)
[<objectSet>](#objectset)
[<path>](#path)
[<paths>](#paths)
[<pattern>](#pattern)
[<processing>](#processing)
[<plugin>](#plugin)
[<role>](#role)
[<rules>](#rules)
[<script>](#script)
[<text>](#text)
[<unconditionalExclude>](#unconditionalexclude)
[<variable>](#variable)
[<version>](#version)
[<windowsObjects>](#windowsobjects) | [<condition> functions](#conditionfunctions)
[<content> functions](#contentfunctions)
[<contentModify> functions](#contentmodifyfunctions)
[<include> and <exclude> filter functions](#persistfilterfunctions)
[<locationModify> functions](#locationmodifyfunctions)
[<merge> functions](#mergefunctions)
[<script> functions](#scriptfunctions)
[Internal USMT functions](#internalusmtfunctions) | +| [<addObjects>](#addobjects)
[<attributes>](#attributes)
[<bytes>](#bytes)
[<commandLine>](#commandline)
[<component>](#component)
[<condition>](#condition)
[<conditions>](#conditions)
[<content>](#content)
[<contentModify>](#contentmodify)
[<description>](#description)
[<destinationCleanup>](#destinationcleanup)
[<detect>](#detect)
[<detects>](#detects)
[<detection>](#detection)
[<displayName>](#displayname)
[<environment>](#environment)
[<exclude>](#exclude)
[<excludeAttributes>](#excludeattributes)
[<extensions>](#extensions)
[<extension>](#extension)
[<externalProcess>](#externalprocess)
[<icon>](#icon)
[<include>](#include)
[<includeAttribute>](#includeattributes) | [<library>](#library)
[<location>](#location)
[<locationModify>](#locationmodify)
[<_locDefinition>](#_locdefinition)
[<manufacturer>](#manufacturer)
[<merge>](#merge)
[<migration>](#migration)
[<namedElements>](#namedelements)
[<object>](#object)
[<objectSet>](#objectset)
[<path>](#path)
[<paths>](#paths)
[<pattern>](#pattern)
[<processing>](#processing)
[<plugin>](#plugin)
[<role>](#role)
[<rules>](#rules)
[<script>](#script)
[<text>](#text)
[<unconditionalExclude>](#unconditionalexclude)
[<variable>](#variable)
[<version>](#version)
[<windowsObjects>](#windowsobjects) | [<condition> functions](#condition-functions)
[<content> functions](#content-functions)
[<contentModify> functions](#contentmodify-functions)
[<include> and <exclude> filter functions](#include-and-exclude-filter-functions)
[<locationModify> functions](#locationmodify-functions)
[<merge> functions](#merge-functions)
[<script> functions](#script-functions)
[Internal USMT functions](#internal-usmt-functions) | ## <addObjects> @@ -33,7 +33,7 @@ The <addObjects> element emulates the existence of one or more objects on - **Parent elements:** [<rules>](#rules) -- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attribute) as child elements of this <object> element. +- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attributes) as child elements of this <object> element. - **Optional child elements:** [<conditions>](#conditions), <condition>, [<script>](#script) @@ -155,7 +155,7 @@ A component can be nested inside another component; that is, the <component&g - **Required child elements:** [<role>](#role), [<displayName>](#displayname) -- **Optional child elements:** [<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#bkmk-environment), [<extensions>](#extensions) +- **Optional child elements:** [<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#environment), [<extensions>](#extensions) Syntax: @@ -186,7 +186,7 @@ The <condition> element has a Boolean result. You can use this element to - **Child elements:** none -- **Helper functions:** You can use the following [<condition> functions](#conditionfunctions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. +- **Helper functions:** You can use the following [<condition> functions](#condition-functions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. Syntax: @@ -295,7 +295,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the object type. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [location pattern](#locations). Environment variables are allowed.| + |*EncodedLocationPattern*|Yes|The [location pattern](#specifying-locations). Environment variables are allowed.| For an example of this element, see the MigApp.xml file. @@ -307,7 +307,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.| + |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| |*VersionValue*|Yes|A string pattern. For example, "Microsoft*".| @@ -325,7 +325,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.| + |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| @@ -335,7 +335,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.| + |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| @@ -354,7 +354,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [encoded location](#locations) for the object that will be examined. You can specify environment variables.| + |*EncodedLocationPattern*|Yes|The [encoded location](#specifying-locations) for the object that will be examined. You can specify environment variables.| |StringContent|Yes|The string that will be checked against.| For example: @@ -372,7 +372,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [encoded location](#locations) for the object that will be examined. You can specify environment variables.| + |*EncodedLocationPattern*|Yes|The [encoded location](#specifying-locations) for the object that will be examined. You can specify environment variables.| |*StrToFind*|Yes|A string that will be searched inside the content of the given object.| - **IsSameObject** @@ -384,8 +384,8 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#locations) for the first object. You can specify environment variables.| - |*EncodedLocation2*|Yes|The [encoded location](#locations) for the second object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The [encoded location](#specifying-locations) for the first object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The [encoded location](#specifying-locations) for the second object. You can specify environment variables.| For example: @@ -405,9 +405,9 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*ObjectType1*|Yes|Defines the type of the first object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#locations) for the first object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The [encoded location](#specifying-locations) for the first object. You can specify environment variables.| |*ObjectType2*|Yes|Defines the type of the second object. Can be File or Registry.| - |*EncodedLocation2*|Yes|The [encoded location](#locations) for the second object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The [encoded location](#specifying-locations) for the second object. You can specify environment variables.| - **IsSameStringContent** @@ -418,9 +418,9 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*ObjectType1*|Yes|Defines the type of the first object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#locations) for the first object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The [encoded location](#specifying-locations) for the first object. You can specify environment variables.| |*ObjectType2*|Yes|Defines the type of the second object. Can be File or Registry.| - |*EncodedLocation2*|Yes|The [encoded location](#locations) for the second object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The [encoded location](#specifying-locations) for the second object. You can specify environment variables.| ## <conditions> @@ -428,7 +428,7 @@ The <conditions> element returns a Boolean result that is used to specify - **Number of occurrences:** Unlimited inside another <conditions> element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) -- **Parent elements:** [<conditions>](#conditions), [<detection>](#detection), [<environment>](#bkmk-environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) +- **Parent elements:** [<conditions>](#conditions), [<detection>](#detection), [<environment>](#environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) - **Child elements:** [<conditions>](#conditions), [<condition>](#condition) @@ -466,7 +466,7 @@ You can use the <content> element to specify a list of object patterns to - **Child elements:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<content> functions](#contentfunctions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. +- **Helper functions:** You can use the following [<content> functions](#content-functions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. Syntax: @@ -553,7 +553,7 @@ The <contentModify> element modifies the content of an object before it is - **Required child elements:** [<objectSet>](#objectset) -- **Helper functions**: You can use the following [<contentModify> functions](#contentmodifyfunctions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. +- **Helper functions**: You can use the following [<contentModify> functions](#contentmodify-functions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. Syntax: @@ -905,7 +905,7 @@ In this scenario, you want to generate the location of objects at run time depen ``` -Then you can use an include rule as follows. You can use any of the [<script> functions](#scriptfunctions) to perform similar tasks. +Then you can use an include rule as follows. You can use any of the [<script> functions](#script-functions) to perform similar tasks. ```xml @@ -981,7 +981,7 @@ The <exclude> element determines what objects will not be migrated, unless - **Child elements:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<exclude> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. +- **Helper functions:** You can use the following [<exclude> filter functions](#include-and-exclude-filter-functions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. Syntax: @@ -1172,7 +1172,7 @@ The <include> element determines what to migrate, unless there is a more s - **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<include> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. +- **Helper functions:** You can use the following [<include> filter functions](#include-and-exclude-filter-functions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. Syntax: @@ -1341,7 +1341,7 @@ You can use the <locationModify> element to change the location and name o - **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<locationModify> functions](#locationmodifyfunctions) with this element: ExactMove, RelativeMove, and Move. +- **Helper functions:** You can use the following [<locationModify> functions](#locationmodify-functions) with this element: ExactMove, RelativeMove, and Move. Syntax: @@ -1376,7 +1376,7 @@ The following functions change the location of objects as they are migrated when |Setting|Required?|Value| |--- |--- |--- | - |*ObjectEncodedLocation*|Yes|The destination [location](#locations) for all of the source objects.| + |*ObjectEncodedLocation*|Yes|The destination [location](#specifying-locations) for all of the source objects.| For example: @@ -1460,7 +1460,7 @@ For an example of this element, see [Conflicts and Precedence](usmt-conflicts-an - **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<merge> functions](#mergefunctions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). +- **Helper functions:** You can use the following [<merge> functions](#merge-functions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). Syntax: @@ -1626,7 +1626,7 @@ Syntax: - **Parent elements:** [<migration>](#migration) -- **Child elements:** [<environment>](#bkmk-environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect> +- **Child elements:** [<environment>](#environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect> For an example of this element, see the MigApp.xml file. @@ -1638,7 +1638,7 @@ The <object> element represents a file or registry key. - **Parent elements:** [<addObjects>](#addobjects) -- **Required child elements:** [<location>](#location), [<attributes>](#attribute) +- **Required child elements:** [<location>](#location), [<attributes>](#attributes) - **Optional child elements:** [<bytes>](#bytes) @@ -1816,7 +1816,7 @@ The <role> element is required in a custom .xml file. By specifying the &l - **Required child elements:** [<rules>](#rules) -- **Optional child elements:** [<environment>](#bkmk-environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, +- **Optional child elements:** [<environment>](#environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, Syntax: @@ -1928,25 +1928,25 @@ The return value that is required by <script> depends on the parent elemen - General Syntax: `` -- You can use [GetStringContent](#scriptfunctions) when <script> is within <variable>. +- You can use [GetStringContent](#script-functions) when <script> is within <variable>. Syntax: `` Example: `` -- You can use [GenerateUserPatterns](#scriptfunctions) when <script> is within <objectSet>. +- You can use [GenerateUserPatterns](#script-functions) when <script> is within <objectSet>. Syntax: `` Example: `` -- You can use [GenerateDrivePatterns](#scriptfunctions) when <script> is within <objectSet>. +- You can use [GenerateDrivePatterns](#script-functions) when <script> is within <objectSet>. Syntax: `` Example: `` -- You can use the [Simple executing scripts](#scriptfunctions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. +- You can use the [Simple executing scripts](#script-functions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. Syntax: `` @@ -2006,7 +2006,7 @@ These functions return either a string or a pattern. |Setting|Required?|Value| |--- |--- |--- | - | *PatternSegment* | Yes | The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:", to form a complete [encoded file pattern](#locations). For example, "* [*.doc]". *PatternSegment* cannot be an environment variable. | + | *PatternSegment* | Yes | The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:", to form a complete [encoded file pattern](#specifying-locations). For example, "* [*.doc]". *PatternSegment* cannot be an environment variable. | | *DriveType* | Yes | The drive type for which the patterns are to be generated. You can specify one of:
  • Fixed
  • CDROM
  • Removable
  • Remote
| See the last component in the MigUser.xml file for an example of this element. @@ -2026,7 +2026,7 @@ These functions return either a string or a pattern. |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the object type. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [location pattern](#locations). Environment variables are allowed.| + |*EncodedLocationPattern*|Yes|The [location pattern](#specifying-locations). Environment variables are allowed.| |*ProcessCurrentUser*|Yes|Can be TRUE or FALSE. Indicates if the patterns should be generated for the current user.| **Example:** @@ -2216,7 +2216,7 @@ The <variable> element is required in an <environment> element. For - **Number of occurrences:** Unlimited -- **Parent elements:** [<environment>](#bkmk-environment) +- **Parent elements:** [<environment>](#environment) - **Required child elements:** either [<text>](#text), or [<script>](#script), or [<objectSet>](#objectset) From adb8f0000d34f88ea640200509134bb62aaba1ad Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Fri, 4 Nov 2022 18:59:08 -0400 Subject: [PATCH 024/108] Metadata update deployment/usmt 21 --- .../usmt/migrate-application-settings.md | 6 +- .../usmt/understanding-migration-xml-files.md | 4 +- windows/deployment/usmt/usmt-common-issues.md | 4 +- .../usmt-estimate-migration-store-size.md | 4 +- .../usmt/usmt-exclude-files-and-settings.md | 10 +- ...files-from-a-compressed-migration-store.md | 6 +- windows/deployment/usmt/usmt-how-to.md | 4 +- .../deployment/usmt/usmt-loadstate-syntax.md | 4 +- ...usmt-migrate-efs-files-and-certificates.md | 2 +- .../usmt/usmt-migrate-user-accounts.md | 12 +- .../deployment/usmt/usmt-scanstate-syntax.md | 4 +- .../usmt/usmt-technical-reference.md | 4 +- windows/deployment/usmt/usmt-topics.md | 4 +- .../usmt/usmt-xml-elements-library.md | 24 ++-- windows/deployment/usmt/usmt-xml-reference.md | 24 ++-- ...ndition-of-a-compressed-migration-store.md | 112 +++++++----------- .../deployment/usmt/xml-file-requirements.md | 20 +--- 17 files changed, 112 insertions(+), 136 deletions(-) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 02d47cae69..33d1769033 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -129,7 +129,11 @@ For information about the .xml elements and helper functions, see [XML Elements On a test computer, install the operating system that will be installed on the destination computers. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. -To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only User1 in the migration, type: `/ue:*\* /ui:user1`. For more information, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md) and User options in the [ScanState Syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. +To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only **User1** in the migration, enter: + +`/ue:*\* /ui:user1` + +For more information, see the [Exclude files and settings](usmt-exclude-files-and-settings.md) article and the [User options](usmt-scanstate-syntax.md#user-options) section in the [ScanState syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. ## Related articles diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 8009dadee8..c27d2109d8 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -192,14 +192,14 @@ To generate the XML migration rules file for a source computer: 3. Select an account with administrator privileges, supply a password, and then select **OK**. -4. At the command prompt, type: +4. At the command prompt, enter: ```console cd /d scanstate.exe /genmigxml: ``` - Where *<USMTpath>* is the location on your source computer where you've saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, type: + Where *<USMTpath>* is the location on your source computer where you've saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, enter: ```console cd /d c:\USMT diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index d60fb2c91a..23d35f65aa 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -258,7 +258,7 @@ You can also use patterns for SIDs that identify generic users or groups. For ex **Cause:** The HKLM registry hive isn't unloaded after the **ScanState** tool has finished running. -**Resolution:** Reboot the computer or unload the registry hive at the command prompt after the **ScanState** tool has finished running. For example, at a command prompt, type: +**Resolution:** Reboot the computer or unload the registry hive at the command prompt after the **ScanState** tool has finished running. For example, at a command prompt, enter: ``` syntax reg.exe unload hklm\$dest$software @@ -278,7 +278,7 @@ The following sections describe common hard-link migration problems. Expand the **Cause:** The migration store contains hard links to locked files. -**Resolution:** Use the UsmtUtils tool to delete the store or change the store name. For example, at a command prompt, type: +**Resolution:** Use the UsmtUtils tool to delete the store or change the store name. For example, at a command prompt, enter: ``` syntax USMTutils.exe /rd diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 5232dbb7bc..61289677d2 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -45,7 +45,7 @@ To run the ScanState tool on the source computer with USMT installed: 1. Open a command prompt with administrator privileges. -2. Navigate to the USMT tools. For example, type: +2. Navigate to the USMT tools. For example, enter: ``` syntax cd /d "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\User State Migration Tool\" @@ -53,7 +53,7 @@ To run the ScanState tool on the source computer with USMT installed: where *<architecture>* is x86 or amd64. -3. Run the **ScanState** tool to generate an XML report of the space requirements. At the command prompt, type: +3. Run the **ScanState** tool to generate an XML report of the space requirements. At the command prompt, enter: ``` syntax ScanState.exe /p: diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 60c849c7ad..0c67fe8a1b 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -13,13 +13,13 @@ ms.technology: itpro-deploy # Exclude files and settings -When you specify the migration .xml files, `MigApp.xml`, `Migdocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the User options on the command line in the ScanState tool. For more information, see [ScanState syntax](usmt-scanstate-syntax.md). +When you specify the migration .xml files, `MigApp.xml`, `Migdocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article. -## In this topic +Methods to customize the migration and include and exclude files and settings include: - [Create a custom .xml file](#create-a-custom-xml-file). You can use the following elements to specify what to exclude: - - include and exclude: You can use the **<include>** and **<exclude>** elements to exclude objects with conditions. For example, you can migrate all files located in the C:\\ drive, except any .mp3 files. It's important to remember that [Conflicts and Precedence](usmt-conflicts-and-precedence.md) apply to these elements. + - [Include and exclude](#include-and-exclude): You can use the **<include>** and **<exclude>** elements to exclude objects with conditions. For example, you can migrate all files located in the `C:\` drive, except any `.mp3` files. It's important to remember that [Conflicts and precedence](usmt-conflicts-and-precedence.md) apply to these elements. - [unconditionalExclude](#example-1-how-to-migrate-all-files-from-c-except-mp3-files): You can use the **<unconditionalExclude>** element to globally exclude data. This element takes precedence over all other include and exclude rules in the .xml files. Therefore, this element excludes objects regardless of any other **<include>** rules that are in the .xml files. For example, you can exclude all .mp3 files on the computer, or you can exclude all files from C:\\UserData. @@ -46,7 +46,7 @@ The migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, contai - [Example 5: How to exclude a file from any location](#example-5-how-to-exclude-a-file-from-any-location) -### Example 1: How to migrate all files from C:\\ except .mp3 files +### Example 1: How to migrate all files from `C:\` except `.mp3` files The following .xml file migrates all files located on the C: drive, except any .mp3 files. @@ -169,7 +169,7 @@ To exclude a Sample.doc file from any drive on the computer, use the **<scrip Here are some examples of how to use XML to exclude files, folders, and registry keys. For more info, see [USMT XML Reference](usmt-xml-reference.md) -##### Example 1: How to exclude all .mp3 files +##### Example 1: How to exclude all `.mp3` files The following .xml file excludes all `.mp3` files from the migration: diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 8d4a62d699..c1bb5f4ac4 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -55,7 +55,7 @@ Where the placeholders have the following values: ### To extract all files from a compressed migration store -To extract everything from a compressed migration store to a file on the C:\\ drive, type: +To extract everything from a compressed migration store to a file on the `C:\` drive, enter: ``` syntax usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore @@ -63,7 +63,7 @@ usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore ### To extract specific file types from an encrypted compressed migration store -To extract specific files, such as .txt and .pdf files, from an encrypted compressed migration store, type: +To extract specific files, such as `.txt` and `.pdf` files, from an encrypted compressed migration store, enter: ``` syntax usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt @@ -73,7 +73,7 @@ In this example, the file is encrypted and the encryption key is located in a te ### To extract all but one, or more, file types from an encrypted compressed migration store -To extract all files except for one file type, such as .exe files, from an encrypted compressed migration store, type: +To extract all files except for one file type, such as `.exe` files, from an encrypted compressed migration store, enter: ``` syntax usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index 2404de54db..e234211ca1 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md @@ -17,8 +17,8 @@ The following table lists articles that describe how to use User State Migration ## In this section -|Article |Description| -|------|-----------| +| Link | Description | +|------ |----------- | |[Exclude files and settings](usmt-exclude-files-and-settings.md)|Create a custom .xml file to exclude files, file types, folders, or registry settings from your migration.| |[Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md)|Recover files from a compressed migration store after installing the operating system.| |[Include files and settings](usmt-include-files-and-settings.md)|Create a custom .xml file to include files, file types, folders, or registry settings in your migration.| diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 435484b0c8..e70c3ef655 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -90,7 +90,7 @@ By default, all users are migrated. The only way to specify which users to inclu | Command-Line Option | Description | |--- |--- | | **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to use the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | -| **/ui**:*DomainName UserName*
or
**/ui**:*"DomainName User Name"*
or
**/ui**:*ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` option. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotations marks (`"`).
For example:
  • To include only User2 from the Corporate domain, type:
    `/ue:* /ui:corporate\user2`
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/ui**:*DomainName UserName*
or
**/ui**:*"DomainName User Name"*
or
**/ui**:*ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` option. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotations marks (`"`).

For example, to include only **User2** from the Corporate domain, enter:

`/ue:* /ui:corporate\user2`

**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | | **/uel**:*``*
or
**/uel**:*``*
or
**/uel**:0 | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the `ScanState.exe` command is run. You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed into another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the `ScanState.exe` command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or whose accounts have been modified since February 15, 2020.

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | | **/ue**:*DomainName\UserName*
or
**/ue** *"DomainName\User Name"*
or
**/ue**:*ComputerName\LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options but you can't use the `/ue` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | | **/md**:*OldDomain*:*NewDomain*
or
**/md**:*LocalComputerName:NewDomain* | **(Move domain)**

Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple `/md` options if you're consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two `/md` commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that didn't exist on the source computer, the `LoadState.exe` command will appear to complete successfully, without an error or warning. However, in this case, users won't be moved to *NewDomain* but will remain in their original domain. For example, if you misspell **contoso** and you instead specify **/md:contso:fabrikam**, the users will remain in **contoso** on the destination computer.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
` /progress:prog.log /l:load.log /md:contoso:fabrikam` | @@ -123,7 +123,7 @@ You can use the `/uel`, `/ue` and `/ui` options together to migrate only the use |--- |--- | | Include only User2 from the Fabrikam domain and exclude all other users. | `/ue:* /ui:fabrikam\user2` | | Include only the local user named User1 and exclude all other users. | `/ue:* /ui:user1` | -| Include only the domain users from Contoso, except Contoso\User1. | This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following options:
  • Using the **ScanState** command-line tool, type: `/ue:* /ui:contoso`
  • Using the **LoadState** command-line tool, type: `/ue:contoso\user1`
| +| Include only the domain users from Contoso, except Contoso\User1. | This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following options:
  • Using the **ScanState** command-line tool, enter: `/ue:* /ui:contoso`
  • Using the **LoadState** command-line tool, enter: `/ue:contoso\user1`
| | Include only local (non-domain) users. | `/ue: /ui:%computername%*` | ## Incompatible command-line options diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index 885356bdf2..3321e313d5 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -32,7 +32,7 @@ when running the `ScanState.exe` command to migrate the encrypted files. Then, w Before using the **ScanState** tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the **LoadState** tool. -You can run the [Cipher.exe](/windows-server/administration/windows-commands/cipher) tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt type: +You can run the [Cipher.exe](/windows-server/administration/windows-commands/cipher) tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt enter: ``` syntax Cipher.exe /D /S: diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index ebb8f677d1..4a3750a1f2 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -29,13 +29,17 @@ Links to detailed explanations of commands are available in the [Related article 4. Enter one of the following `loadstate.exe` command lines in a command prompt window: - - If you're migrating domain accounts, Enter: + - If you're migrating domain accounts, enter: - `loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` + ``` syntax + loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml + ``` - - If you're migrating local accounts along with domain accounts, Enter: + - If you're migrating local accounts along with domain accounts, enter: - `loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae` + ``` syntax + loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae + ``` > [!NOTE] > You do not have to specify the `/lae` option, which enables the account that was created with the `/lac` option. Instead, you can create a disabled local account by specifying only the `/lac` option, and then a local administrator needs to enable the account on the destination computer. diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 4158cc7173..8598c81042 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -134,7 +134,7 @@ By default, all users are migrated. The only way to specify which users to inclu | Command-Line Option | Description | |-----|-----| | **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to specify the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | -| **/ui**:*<DomainName>*\*<UserName>*
or
**/ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` or `/uel` options. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For example:
  • To include only User2 from the Fabrikam domain, type:
    `/ue:*\* /ui:fabrikam\user2`
  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
    `/uel:30 /ui:fabrikam\*`
    In this example, a user account from the Contoso domain that was last modified two months ago won't be migrated.

For more examples, see the descriptions of the `/ue` and `/ui` options in this table. | +| **/ui**:*<DomainName>*\*<UserName>*
or
**/ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` or `/uel` options. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For example:
  • To include only **User2** from the Fabrikam domain, enter:

    `/ue:*\* /ui:fabrikam\user2`

  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, enter:

    `/uel:30 /ui:fabrikam\*`

    In this example, a user account from the Contoso domain that was last modified two months ago won't be migrated.

For more examples, see the descriptions of the `/ue` and `/ui` options in this table. | | **/uel**:*<NumberOfDays>*
or
**/uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the `ScanState.exe` command is run.

You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.
  • `/uel:0` migrates any users who are currently logged on.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose account has been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or been modified February 15, 2020 or afterwards.

For example:
`scanstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | | **/ue**:*<DomainName>*\*<UserName>*
-or-

**/ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options. You can't use this option with the `/all` option. *<DomainName>* and *<UserName>* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks (`"`).

For example:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1` | @@ -163,7 +163,7 @@ The `/uel` option takes precedence over the `/ue` option. If a user has logged o |--- |--- | |Include only User2 from the Fabrikam domain and exclude all other users.|`/ue:*\* /ui:fabrikam\user2`| |Include only the local user named User1 and exclude all other users.|`/ue:*\* /ui:user1`| -|Include only the domain users from Contoso, except Contoso\User1.|This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following commands:
  • On the `ScanState.exe` command line, type: `/ue:*\* /ui:contoso\*`
  • On the `LoadState.exe` command line, type: `/ue:contoso\user1`
| +|Include only the domain users from Contoso, except Contoso\User1.|This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following commands:
  • On the `ScanState.exe` command line, enter:

    `/ue:*\* /ui:contoso\*`

  • On the `LoadState.exe` command line, enter:

    `/ue:contoso\user1`
| |Include only local (non-domain) users.|`/ue:*\* /ui:%computername%\*`| ## Encrypted file options diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index def8bb3eef..2504eabb75 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -42,8 +42,8 @@ USMT tools can be used on several versions of Windows operating systems, for mor ## In this section -|Article |Description| -|------|-----------| +| Link | Description | +|------ |----------- | |[User State Migration Tool (USMT) overview topics](usmt-topics.md)|Describes what's new in USMT, how to get started with USMT, and the benefits and limitations of using USMT.| |[User State Migration Tool (USMT) how-to topics](usmt-how-to.md)|Includes step-by-step instructions for using USMT and how-to topics for conducting tasks in USMT.| |[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md)|Provides answers to frequently asked questions and common issues in USMT and a reference for return codes used in USMT.| diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index 8af523d718..755df2c928 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md @@ -17,8 +17,8 @@ The User State Migration Tool (USMT) 10.0 provides a highly customizable user-pr ## In this section -|Article |Description| -|------|-----------| +| Link | Description | +|------ |----------- | |[User State Migration Tool (USMT) overview](usmt-overview.md)|Describes the benefits and limitations of using USMT.| |[Getting started with the User State Migration Tool (USMT)](getting-started-with-the-user-state-migration-tool.md)|Describes the general process to follow to migrate files and settings, and provides links to more information.| |[Windows upgrade and migration considerations](../upgrade/windows-upgrade-and-migration-considerations.md)|Discusses the Microsoft® tools you can use to move files and settings between installations and special considerations for performing an upgrade or migration.| diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 941dba8274..240033409e 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -308,7 +308,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| + |*VersionTag*|Yes|The [version tag](#valid-version-tags) value that will be checked.| |*VersionValue*|Yes|A string pattern. For example, "Microsoft*".| For example: @@ -326,7 +326,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| + |*VersionTag*|Yes|The [version tag](#valid-version-tags) value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| - **IsFileVersionBelow** @@ -336,7 +336,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| + |*VersionTag*|Yes|The [version tag](#valid-version-tags) value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| - **IsSystemContext** @@ -931,7 +931,7 @@ Second, you can also filter registry values that contain data that you need. The ``` -### Example scenario 2: +### Example scenario 2 In this scenario, you want to migrate five files named File1.txt, File2.txt, and so on, from %SYSTEMDRIVE%\\data\\userdata\\dir1\\dir2\\. To do this you must have the following <include> rule in an .xml file: @@ -1450,9 +1450,9 @@ Syntax: ## <merge> -The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify <include> rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule C:\\\* \[\*\] set to <sourcePriority> and a <merge> rule C:\\subfolder\\\* \[\*\] set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. +The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify <include> rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule `C:\* [*]` set to <sourcePriority> and a <merge> rule `C:\subfolder\* [*]` set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. -For an example of this element, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). +For an example of this element, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - **Number of occurrences:** Unlimited @@ -1747,7 +1747,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | | type | Yes | *typeID* can be Registry, File, or Ini. If *typeId* is Ini, then you cannot have a space between *Path* and *object*. For example, the following is correct when type="Ini":
**<pattern type="Ini">%WinAmp5InstPath%\Winamp.ini|WinAmp[keeponscreen]</pattern>** | -| *Path* [*object*] | Yes | A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.
  • *Path* can contain the asterisk (*) wildcard character or can be an [Recognized Environment Variables](usmt-recognized-environment-variables.md). You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.
  • *Object* can contain the asterisk () wildcard character. However, you cannot use the question mark as a wildcard character. For example:
    **`C:\Folder\ [*]`** enumerates all files in C:<em>Path* but no subfolders of C:\Folder.
    **`C:\Folder* [*]`** enumerates all files and subfolders of C:\Folder.
    **`C:\Folder\ [*.mp3]`** enumerates all .mp3 files in C:\Folder.
    **`C:\Folder\ [Sample.doc]`** enumerates only the Sample.doc file located in C:\Folder.
    **Note**
    If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| +| *Path* [*object*] | Yes | A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.
  • *Path* can contain the asterisk (`*`) wildcard character or can be an [Recognized Environment Variables](usmt-recognized-environment-variables.md). You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.
  • *Object* can contain the asterisk () wildcard character. However, you cannot use the question mark as a wildcard character. For example:
    **`C:\Folder\ [*]`** enumerates all files in C:<em>Path* but no subfolders of C:\Folder.
    **`C:\Folder* [*]`** enumerates all files and subfolders of C:\Folder.
    **`C:\Folder\ [*.mp3]`** enumerates all .mp3 files in C:\Folder.
    **`C:\Folder\ [Sample.doc]`** enumerates only the Sample.doc file located in C:\Folder.
    **Note**
    If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| For example: @@ -1970,9 +1970,9 @@ For more examples of how to use this element, see [Exclude Files and Settings](u You can use the following functions with the <script> element -- [String and pattern generating functions](#stringgeneratingfunctions) +- [String and pattern generating functions](#string-and-pattern-generating-functions) -- [Simple executing scripts](#simple) +- [Simple executing scripts](#simple-executing-scripts) ### String and pattern generating functions @@ -2208,11 +2208,11 @@ The following .xml file excludes all .mp3 files from migration. For additional e The <variable> element is required in an <environment> element. For each <variable> element there must be one <objectSet>, <script>, or <text> element. The content of the <variable> element assigns a text value to the environment variable. This element has the following three options: -1. If the <variable> element contains a <text> element, then the value of the variable element will be the value of the <text> element. +1. If the <variable> element contains a <text> element, then the value of the variable element will be the value of the <text> element. -2. If the <variable> element contains a <script> element and the invocation of the script produces a non-null string, then the value of the <variable> element will be the result of the script invocation. +2. If the <variable> element contains a <script> element and the invocation of the script produces a non-null string, then the value of the <variable> element will be the result of the script invocation. -3. If the <variable> element contains an <objectSet> element and the evaluation of the <objectSet> element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. +3. If the <variable> element contains an <objectSet> element and the evaluation of the <objectSet> element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. - **Number of occurrences:** Unlimited diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index 5f1c504072..e89befb18c 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -11,20 +11,20 @@ ms.topic: article ms.technology: itpro-deploy --- -# USMT XML Reference +# USMT XML reference -This section contains topics that you can use to work with and to customize the migration XML files. +This section contains articles that you can use to work with and to customize the migration XML files. -## In This Section +## In this section | Link | Description | |--- |--- | -|[Understanding Migration XML Files](understanding-migration-xml-files.md)|Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.| -|[Config.xml File](usmt-configxml-file.md)|Describes the Config.xml file and policies concerning its configuration.| -|[Customize USMT XML Files](usmt-customize-xml-files.md)|Describes how to customize USMT XML files.| -|[Custom XML Examples](usmt-custom-xml-examples.md)|Gives examples of XML files for various migration scenarios.| -|[Conflicts and Precedence](usmt-conflicts-and-precedence.md)|Describes the precedence of migration rules and how conflicts are handled.| -|[General Conventions](usmt-general-conventions.md)|Describes the XML helper functions.| -|[XML File Requirements](xml-file-requirements.md)|Describes the requirements for custom XML files.| -|[Recognized Environment Variables](usmt-recognized-environment-variables.md)|Describes environment variables recognized by USMT.| -|[XML Elements Library](usmt-xml-elements-library.md)|Describes the XML elements and helper functions for authoring migration XML files to use with USMT.| +|[Understanding migration XML files](understanding-migration-xml-files.md)|Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.| +|[Config.xml file](usmt-configxml-file.md)|Describes the Config.xml file and policies concerning its configuration.| +|[Customize USMT XML files](usmt-customize-xml-files.md)|Describes how to customize USMT XML files.| +|[Custom XML examples](usmt-custom-xml-examples.md)|Gives examples of XML files for various migration scenarios.| +|[Conflicts and precedence](usmt-conflicts-and-precedence.md)|Describes the precedence of migration rules and how conflicts are handled.| +|[General conventions](usmt-general-conventions.md)|Describes the XML helper functions.| +|[XML file requirements](xml-file-requirements.md)|Describes the requirements for custom XML files.| +|[Recognized environment variables](usmt-recognized-environment-variables.md)|Describes environment variables recognized by USMT.| +|[XML elements library](usmt-xml-elements-library.md)|Describes the XML elements and helper functions for authoring migration XML files to use with USMT.| diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index 413aa0bcaa..38d39d3505 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -1,6 +1,6 @@ --- title: Verify the Condition of a Compressed Migration Store (Windows 10) -description: Use these tips and tricks to verify the condition of a compressed migration store when using User State Migration Tool (USMT). +description: Use these tips and tricks to verify the condition of a compressed migration store when using User State Migration Tool (USMT). ms.reviewer: manager: aaroncz ms.author: frankroj @@ -11,116 +11,94 @@ ms.topic: article ms.technology: itpro-deploy --- -# Verify the Condition of a Compressed Migration Store - +# Verify the condition of a compressed migration store When you migrate files and settings during a typical PC-refresh migration, the user state is usually stored in a compressed folder on the intermediate store. This compressed folder, also called the compressed migration store, is a single image file that contains: -- All of the files being migrated. +- All of the files being migrated. -- The user’s settings. +- The user's settings. -- A catalog file that contains metadata for all files in the migration store. +- A catalog file that contains metadata for all files in the migration store. -When you run the **LoadState** command to load the data from these files to the destination computer, LoadState requires a valid catalog file in order to open the migration store. You can run the **UsmtUtils** command with the **/verify** option to determine whether the compressed migration store is intact, or whether it contains corrupted files or a corrupted catalog. You should run the **/verify** option on the migration store before you overwrite the original user-state files and settings. +When you run the `LoadState.exe` command to load the data from these files to the destination computer, **LoadState** requires a valid catalog file in order to open the migration store. You can run the `UsmtUtils.exe` command with the `/verify` option to determine whether the compressed migration store is intact, or whether it contains corrupted files or a corrupted catalog. You should run the `/verify` option on the migration store before you overwrite the original user-state files and settings. -When you use the **/verify** option, you can specify what type of information to report in the UsmtUtils log file. These report types are: +When you use the `/verify` option, you can specify what type of information to report in the **UsmtUtils** log file. These report types are: -- **Catalog**: Displays the status of only the catalog file. +- **Catalog**: Displays the status of only the catalog file. -- **All**: Displays the status of all files, including the catalog file. +- **All**: Displays the status of all files, including the catalog file. -- **Failure only**: Displays only the files that are corrupted. +- **Failure only**: Displays only the files that are corrupted. -## In This Topic +The following sections demonstrate how to run the `UsmtUtils.exe` command with the `/verify` option, and how to specify the information to display in the **UsmtUtils** log file. - -The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file. - -- [The UsmtUtils syntax for the /verify option](#bkmk-verifysyntax) - -- [To verify that the migration store is intact](#bkmk-verifyintactstore) - -- [To verify the status of only the catalog file](#bkmk-verifycatalog) - -- [To verify the status of all files](#bkmk-verifyallfiles) - -- [To verify the status of the files and return only the corrupted files](#bkmk-returncorrupted) - -### The UsmtUtils Syntax for the /verify Option +## The UsmtUtils syntax for the /verify option To verify the condition of a compressed migration store, use the following UsmtUtils syntax: -cd /d<USMTpath>usmtutils /verify\[:<reportType>\] <filePath> \[/l:<logfile>\] \[/decrypt \[:<AlgID>\] {/key:<keystring> | /keyfile:<filename>}\] +> usmtutils.exe /verify\[:<*reportType*>\] <*filePath*> \[/l:<*logfile*>\] \[/decrypt \[:<*AlgID*>\] {/key:<*keystring*> | /keyfile:<*filename*>}\] Where the placeholders have the following values: -- *<USMTpath>* is the location where you have saved the USMT files and tools. +- *<USMTpath>* is the location where you've saved the USMT files and tools. -- *<reportType>* specifies whether to report on all files, corrupted files only, or the status of the catalog. +- *<reportType>* specifies whether to report on all files, corrupted files only, or the status of the catalog. -- *<filePath>* is the location of the compressed migration store. +- *<filePath>* is the location of the compressed migration store. -- *<logfile>* is the location and name of the log file. +- *<logfile>* is the location and name of the log file. -- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line. +- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. -- *<keystring>* is the encryption key that was used to encrypt the migration store. +- *<keystring>* is the encryption key that was used to encrypt the migration store. -- *<filename>* is the location and name of the text file that contains the encryption key. +- *<filename>* is the location and name of the text file that contains the encryption key. -### To Verify that the Migration Store is Intact +## To verify that the migration store is intact -To verify whether the migration store is intact or whether it contains corrupted files or a corrupted catalog, type: +To verify whether the migration store is intact or whether it contains corrupted files or a corrupted catalog, enter: ``` syntax -usmtutils /verify D:\MyMigrationStore\store.mig +usmtutils.exe /verify D:\MyMigrationStore\store.mig ``` -Because no report type is specified, UsmtUtils displays the default summary report. +Because no report type is specified, **UsmtUtils** displays the default summary report. -### To Verify the Status of Only the Catalog File +## To verify the status of only the catalog file -To verify whether the catalog file is corrupted or intact, type: +To verify whether the catalog file is corrupted or intact, enter: ``` syntax -usmtutils /verify:catalog D:\MyMigrationStore\store.mig +usmtutils.exe /verify:catalog D:\MyMigrationStore\store.mig ``` -### To Verify the Status of all Files +## To verify the status of all files -To verify whether there are any corrupted files in the compressed migration store, and to specify the name and location of the log file, type: - -`usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` - -In addition to verifying the status of all files, this example decrypts the files. Because no encryption algorithm is specified, UsmtUtils uses the default 3DES cryptographic algorithm. - -### To Verify the Status of the Files and Return Only the Corrupted Files - -In this example, the log file will only list the files that became corrupted during the ScanState process. This list will include the catalog file if it is also corrupted. +To verify whether there are any corrupted files in the compressed migration store, and to specify the name and location of the log file, enter: ``` syntax -usmtutils /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt +usmtutils.exe /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` +``` + +In addition to verifying the status of all files, this example decrypts the files. Because no encryption algorithm is specified, **UsmtUtils** uses the default 3DES cryptographic algorithm. + +## To verify the status of the files and return only the corrupted files + +In this example, the log file will only list the files that became corrupted during the **ScanState** process. This list will include the catalog file if it's also corrupted. + +``` syntax +usmtutils.exe /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt ``` This example also decrypts the files by specifying the cryptographic algorithm and the location of the file that contains the encryption key. -### Next Steps - -If the **/verify** option indicates that there are corrupted files in the migration store, you can use the **/extract** option in the UsmtUtils tool to recover data from some corrupted stores. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). - -## Related topics - - -[UsmtUtils Syntax](usmt-utilities.md) - -[Return Codes](usmt-return-codes.md) - -  - -  - +## Next steps +If the `/verify` option indicates that there are corrupted files in the migration store, you can use the `/extract` option in the **UsmtUtils** tool to recover data from some corrupted stores. For more information, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). +## Related articles +[UsmtUtils syntax](usmt-utilities.md) +[Return codes](usmt-return-codes.md) diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index 4a5c136f31..e717e950c9 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -11,37 +11,27 @@ ms.topic: article ms.technology: itpro-deploy --- -# XML File Requirements - +# XML file requirements When creating custom .xml files, note the following requirements: -- **The file must be in Unicode Transformation Format-8 (UTF-8).** Save the file in this format, and you must specify the following syntax at the beginning of each .xml file: +- **The file must be in Unicode Transformation Format-8 (UTF-8).** Save the file in this format, and you must specify the following syntax at the beginning of each .xml file: ``` xml ``` -- **The file must have a unique migration URL ID**. The URL ID of each file that you specify on the command line must be different. If two migration .xml files have the same URL ID, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the URL ID to define the components within the file. For example, you must specify the following syntax at the beginning of each file: +- **The file must have a unique migration URL ID**. The URL ID of each file that you specify on the command line must be different. If two migration .xml files have the same URL ID, the second .xml file that is specified on the command line won't be processed. The second file won't be processed because USMT uses the URL ID to define the components within the file. For example, you must specify the following syntax at the beginning of each file: ``` xml ``` -- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This condition is because the Config.xml file defines the components by the display name and the migration URL ID. For example, specify the following syntax: +- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This condition is because the `Config.xml` file defines the components by the display name and the migration URL ID. For example, specify the following syntax: ``` xml My Application ``` -For examples of custom .xml files, see [Custom XML Examples](usmt-custom-xml-examples.md). - -  - -  - - - - - +For examples of custom .xml files, see [Custom XML examples](usmt-custom-xml-examples.md). From 95295e74e07ccc0077f1c146424f4b15eed5eed1 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Sat, 5 Nov 2022 01:02:25 -0400 Subject: [PATCH 025/108] Metadata update deployment/usmt 22 --- ...rted-with-the-user-state-migration-tool.md | 24 +- .../usmt/migration-store-types-overview.md | 2 +- .../usmt/offline-migration-reference.md | 10 +- .../usmt/understanding-migration-xml-files.md | 10 +- windows/deployment/usmt/usmt-common-issues.md | 16 +- .../usmt/usmt-customize-xml-files.md | 6 +- .../usmt/usmt-exclude-files-and-settings.md | 4 +- ...files-from-a-compressed-migration-store.md | 20 +- .../usmt/usmt-hard-link-migration-store.md | 14 +- .../deployment/usmt/usmt-loadstate-syntax.md | 28 +- windows/deployment/usmt/usmt-log-files.md | 2 +- .../usmt/usmt-migrate-user-accounts.md | 28 +- .../usmt/usmt-migration-store-encryption.md | 2 +- windows/deployment/usmt/usmt-requirements.md | 2 +- windows/deployment/usmt/usmt-return-codes.md | 6 +- .../deployment/usmt/usmt-scanstate-syntax.md | 28 +- .../usmt/usmt-technical-reference.md | 2 +- .../usmt/usmt-xml-elements-library.md | 381 +++++++++--------- windows/deployment/usmt/usmt-xml-reference.md | 2 +- ...ndition-of-a-compressed-migration-store.md | 10 +- 20 files changed, 300 insertions(+), 297 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 6877961d15..e603c984d4 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -34,7 +34,7 @@ This article outlines the general process that you should follow to migrate file 6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: - `scanstate.exe /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scanstate.log` + `ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log` 7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate. @@ -42,19 +42,19 @@ This article outlines the general process that you should follow to migrate file 1. Back up the source computer. -2. Close all applications. If some applications are running when you run the `Scanstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft® Office Outlook® is open, USMT might not migrate PST files. +2. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. > [!NOTE] > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. -3. Run the `Scanstate.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `Scanstate.exe` command to use. For example, +3. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example, - `scanstate.exe \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log` + `ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log` > [!NOTE] - > If the source computer is running Windows 7, or Windows 8, you must run the `Scanstate.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `Scanstate.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). + > If the source computer is running Windows 7, or Windows 8, you must run the `ScanState.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). -4. Run the `USMTUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. +4. Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. ## Step 3: Prepare the destination computer and restore files and settings @@ -63,20 +63,20 @@ This article outlines the general process that you should follow to migrate file 2. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. > [!NOTE] - > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft® Office, which USMT can migrate from an older version to a newer version. + > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft Office, which USMT can migrate from an older version to a newer version. -3. Close all applications. If some applications are running when you run the `Loadstate.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. +3. Close all applications. If some applications are running when you run the `LoadState.exe ` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. > [!NOTE] > Use `/C` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. -4. Run the `Loadstate.exe` command on the destination computer. Specify the same set of .xml files that you specified when you used the `Scanstate.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `Loadstate.exe` command. Then, the `Loadstate.exe` command will migrate only the files and settings that you want to migrate. For more information about how the `Loadstate.exe` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). +4. Run the `LoadState.exe ` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe ` command. Then, the `LoadState.exe ` command will migrate only the files and settings that you want to migrate. For more information about how the `LoadState.exe ` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). For example, the following command migrates the files and settings: - `loadstate.exe \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` + `LoadState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:LoadState.log` > [!NOTE] - > Run the `Loadstate.exe` command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. + > Run the `LoadState.exe ` command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. -5. Sign out after you run the `Loadstate.exe` command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. +5. Sign out after you run the `LoadState.exe ` command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index d2cc3a4ec4..7bb4a37792 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -41,7 +41,7 @@ The following flowchart illustrates the procedural differences between a local m If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. -If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share `C:\store` on the destination computer. Then run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store`. Then, run the `Loadstate.exe` command on the destination computer and specify `C:\Store` as the store location. By doing this process, you don't need to save the files to a server. +If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share `C:\store` on the destination computer. Then run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store`. Then, run the `LoadState.exe ` command on the destination computer and specify `C:\Store` as the store location. By doing this process, you don't need to save the files to a server. > [!IMPORTANT] > If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index b7ab0afb24..105327d3df 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Offline Migration Reference -Offline migration enables the ScanState tool to run inside a different Windows® operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: +Offline migration enables the ScanState tool to run inside a different Windows operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: - **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. @@ -41,7 +41,7 @@ The following user data and settings migrate offline, similar to an online migra - EFS files -- Internet Explorer® Favorites +- Internet Explorer Favorites For exceptions to what you can migrate offline, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) @@ -85,7 +85,7 @@ An offline migration can either be enabled by using a configuration file on the |Component|Option|Description| |--- |--- |--- | -|ScanState.exe|**/offline:***<path to offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| +|ScanState.exe|**/offline:***<path to Offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| |ScanState.exe|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It's only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| |ScanState.exe|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| @@ -98,11 +98,11 @@ The following system environment variables are necessary in the scenarios outlin |Variable|Value|Scenario| |--- |--- |--- | |USMT_WORKING_DIR|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command: 
Set USMT_WORKING_DIR=[path to working directory]
| -|MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `Scanstate.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| +|MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| ## Offline.xml elements -Use an `offline.xml` file when running the ScanState tool on a computer that has multiple Windows directories. The `offline.xml` file specifies which directories to scan for windows files. An `offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option. +Use an `Offline.xml` file when running the ScanState tool on a computer that has multiple Windows directories. The `Offline.xml` file specifies which directories to scan for windows files. An `Offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option. ### <offline> diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index c27d2109d8..e5d168b840 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -21,7 +21,7 @@ This article provides an overview of the default and custom migration XML files The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The `Config.xml` file can be used with other XML files, such as in the following example: -`scanstate.exe /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\Config.xml` +`ScanState.exe /i:migapps.xml /i:MigDocs.xml /genconfig:c:\myFolder\Config.xml` When used this way, the `Config.xml` file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the `Config.xml` file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). @@ -157,7 +157,7 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t |XML migration file|Modifies the following components:| |--- |--- | -|Config.xml file|Operating-system components such as desktop wallpaper and background theme.
You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| +|Config.xml file|Operating-system components such as desktop wallpaper and background theme.
You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| |MigApps.xml file|Applications settings.| |MigUser.xml or `MigDocs.xml` files|User files and profile settings.| |Custom XML files|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| @@ -165,7 +165,7 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t For example, you can use all of the XML migration file types for a single migration, as in the following example: ```console -Scanstate.exe /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml +ScanState.exe /config:c:\myFolder\Config.xml /i:migapps.xml /i:MigDocs.xml /i:customrules.xml ``` ### XML rules for migrating user files @@ -196,14 +196,14 @@ To generate the XML migration rules file for a source computer: ```console cd /d - scanstate.exe /genmigxml: + ScanState.exe /genmigxml: ``` Where *<USMTpath>* is the location on your source computer where you've saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, enter: ```console cd /d c:\USMT - scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" + ScanState.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" ``` ### The GenerateDocPatterns function diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 23d35f65aa..3bc2e5875c 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -108,8 +108,8 @@ To remove encryption from files that have already been migrated incorrectly, you **Resolution:** You can use the `/mu` option when you run the **LoadState** tool to specify a new name for the user. For example, ``` syntax -loadstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore -/progress:prog.log /l:load.log /mu:fareast\user1:farwest\user1 +LoadState.exe /i:MigApp.xml /i:MigDocs.xml \\server\share\migration\mystore +/progress:Progress.log /l:LoadState.log /mu:fareast\user1:farwest\user1 ``` ## Command-line problems @@ -126,19 +126,19 @@ The following sections describe common command-line problems. Expand the section **Cause:** If you're running the **ScanState** or **LoadState** tools from a shared network resource, you'll receive this error message if you don't specify `/l`. -**Resolution:** To fix this issue in this scenario, specify the `/l:scan.log` or `/l:load.log` option. +**Resolution:** To fix this issue in this scenario, specify the `/l:ScanState.log` or `/l:LoadState.log` option. ## XML file problems The following sections describe common XML file problems. Expand the section to see recommended solutions. -### I used the /genconfig option to create a Config.xml file, but I see only a few applications and components that are in MigApp.xml. Why does Config.xml not contain all of the same applications? +### I used the `/genconfig` option to create a `Config.xml` file, but I see only a few applications and components that are in `MigApp.xml`. Why does `Config.xml` not contain all of the same applications? **Cause:** `Config.xml` will contain only operating system components, applications, and the user document sections that are in both of the .xml files and are installed on the computer when you run the `/genconfig` option. Otherwise, these applications and components won't appear in the `Config.xml` file. **Resolution:** Install all of the desired applications on the computer before running the `/genconfig` option. Then run `ScanState.exe` with all of the .xml files. For example, run the following command: -`scanstate.exe /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:scanstate.log` +`ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:5 /l:ScanState.log` ### I'm having problems with a custom .xml file that I authored, and I can't verify that the syntax is correct @@ -194,7 +194,7 @@ There are three typical causes for this issue. **Resolution:** Run the **ScanState** and **LoadState** tools from within an account with administrative credentials. ---> -### I included MigApp.xml in the migration, but some PST files aren't migrating +### I included `MigApp.xml` in the migration, but some `PST` files aren't migrating **Cause:** The `MigApp.xml` file migrates only the PST files that are linked to Outlook profiles. @@ -247,7 +247,7 @@ The following sections describe common offline migration problems. Expand the se **Resolution:** Use a Security Identifier (SID) to include a user when running the **ScanState** tool. For example: ``` syntax -Scanstate.exe /ui:S1-5-21-124525095-708259637-1543119021* +ScanState.exe /ui:S1-5-21-124525095-708259637-1543119021* ``` The wild card (\*) at the end of the SID will migrate the *SID*\_Classes key as well. @@ -281,7 +281,7 @@ The following sections describe common hard-link migration problems. Expand the **Resolution:** Use the UsmtUtils tool to delete the store or change the store name. For example, at a command prompt, enter: ``` syntax -USMTutils.exe /rd +UsmtUtils.exe /rd ``` You should also reboot the machine. diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index b56b14a8f1..b7345bd127 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -78,15 +78,15 @@ In addition, note the following functionality with the `Config.xml` file: - The following command creates a `Config.xml` file in the current directory, but it doesn't create a store: - `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:5` + `ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:5` - The following command creates an encrypted store using the `Config.xml` file and the default migration .xml files: - `scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:5 /encrypt /key:"mykey"` + `ScanState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /o /config:Config.xml /v:5 /encrypt /key:"mykey"` - The following command decrypts the store and migrates the files and settings: - `loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:5 /decrypt /key:"mykey"` + `LoadState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /v:5 /decrypt /key:"mykey"` ## Additional information diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 0c67fe8a1b..3821597500 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -1,6 +1,6 @@ --- title: Exclude Files and Settings (Windows 10) -description: In this article, learn how to exclude files and settings when creating a custom .xml file and a config.xml file. +description: In this article, learn how to exclude files and settings when creating a custom .xml file and a Config.xml file. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Exclude files and settings -When you specify the migration .xml files, `MigApp.xml`, `Migdocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article. +When you specify the migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article. Methods to customize the migration and include and exclude files and settings include: diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index c1bb5f4ac4..20b48b006b 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Extract files from a compressed USMT migration store -When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **USMTUtils** command with the `/extract` option to recover the files from the compressed migration store. You can also use the **USMTUtils** command with the `/extract` option any time you need to recover data from a migration store. +When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **UsmtUtils** command with the `/extract` option to recover the files from the compressed migration store. You can also use the **UsmtUtils** command with the `/extract` option any time you need to recover data from a migration store. Options used with the `/extract` option can specify: @@ -25,12 +25,12 @@ Options used with the `/extract` option can specify: In addition, you can specify the file patterns that you want to extract by using the `/i` option to include file patterns or the `/e` option to exclude file patterns. When both the `/i` option and the `/e` option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the **ScanState** and **LoadState** tools. -### To run the USMTUtils tool with the /extract option +### To run the UsmtUtils tool with the /extract option -To extract files from the compressed migration store onto the destination computer, use the following USMTUtils syntax: +To extract files from the compressed migration store onto the destination computer, use the following UsmtUtils syntax: ``` syntax -usmtutils.exe /extract [/i:] [/e:] [/l:] [/decrypt[:] {/key: | /keyfile:}] [/o] +UsmtUtils.exe /extract [/i:] [/e:] [/l:] [/decrypt[:] {/key: | /keyfile:}] [/o] ``` Where the placeholders have the following values: @@ -45,7 +45,7 @@ Where the placeholders have the following values: - **<excludePattern>** specifies the pattern for the files to omit from the extraction. -- **<AlgID>** is the cryptographic algorithm that was used to create the migration store on the `scanstate.exe` command line. +- **<AlgID>** is the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. - **<logfile>** is the location and name of the log file. @@ -58,7 +58,7 @@ Where the placeholders have the following values: To extract everything from a compressed migration store to a file on the `C:\` drive, enter: ``` syntax -usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore ``` ### To extract specific file types from an encrypted compressed migration store @@ -66,7 +66,7 @@ usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore To extract specific files, such as `.txt` and `.pdf` files, from an encrypted compressed migration store, enter: ``` syntax -usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt ``` In this example, the file is encrypted and the encryption key is located in a text file called encryptionKey. @@ -76,7 +76,7 @@ In this example, the file is encrypted and the encryption key is located in a te To extract all files except for one file type, such as `.exe` files, from an encrypted compressed migration store, enter: ``` syntax -usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt ``` ### To extract file types using the include pattern and the exclude pattern @@ -84,14 +84,14 @@ usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedS To extract files from a compressed migration store, and to exclude files of one type (such as .exe files) while including only specific files, use both the include pattern and the exclude pattern, as in this example: ``` syntax -usmtutils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o ``` In this example, if there is a myProject.exe file, it will also be extracted because the include pattern option takes precedence over the exclude pattern option. ## Related articles -[USMTUtils syntax](usmt-utilities.md) +[UsmtUtils syntax](usmt-utilities.md) [Return codes](usmt-return-codes.md) diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index a43972cb9b..3ef9d3112b 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -42,12 +42,12 @@ When you create a hard link, you give an existing file one more path. For instan For more information about hard links, see [Hard Links and Junctions](/windows/win32/fileio/hard-links-and-junctions) -In most aspects, a hard-link migration store is identical to an uncompressed migration store. It's located where specified by the **Scanstate** command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store. However, as with creating the store, the same hard-link functionality is used to keep files in-place. +In most aspects, a hard-link migration store is identical to an uncompressed migration store. It's located where specified by the **ScanState.exe** command-line tool and you can view the contents of the store by using Windows Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store. However, as with creating the store, the same hard-link functionality is used to keep files in-place. -As a best practice, it is recommended that you delete the hard-link migration store after you confirm that the **Loadstate** tool has successfully migrated the files. Since **Loadstate** has created new paths to the files on the new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files, and won't delete the actual files or the paths to them from the new operating system. +As a best practice, it's recommended that you delete the hard-link migration store after you confirm that the **LoadState** tool has successfully migrated the files. Since **LoadState** has created new paths to the files on the new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files, and won't delete the actual files or the paths to them from the new operating system. > [!IMPORTANT] -> Using the `/c` option will force the **Loadstate** tool to continue applying files when non-fatal errors occur. If you use the `/c` option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. +> Using the `/c` option will force the **LoadState** tool to continue applying files when non-fatal errors occur. If you use the `/c` option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. Keeping the hard-link migration store can result in extra disk space being consumed or problems with some applications for the following reasons: @@ -86,13 +86,13 @@ The `/hardlink` command-line option proceeds with creating the migration store o ### Hard-link store size estimation -It isn't necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. +It isn't necessary to estimate the size of a hard-link migration store since hard-link migration store on NTFS volumes will be relatively small and require much less incremental space than other store options. Estimating the size of a migration store is only useful in scenarios where the migration store is large. The only case where the local store can be large with hard-link migrations is when non-NTFS file systems exist on the system and the non-NTFS files system contain data that needs to be migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. ### Migration store path on multiple volumes Separate hard-link migration stores are created on each NTFS volume that contain data being migrated. In this scenario, the primary migration-store location will be specified on the command line, and should be the operating-system volume. Migration stores with identical names and directory names will be created on every volume containing data being migrated. For example: -`Scanstate.exe /hardlink c:\USMTMIG […]` +`ScanState.exe /hardlink c:\USMTMIG […]` Running this command on a system that contains the operating system on the C: drive and the user data on the D: drive will generate migration stores in the following locations, assuming that both drives are NTFS: @@ -108,7 +108,7 @@ Location modifications that redirect migrated content from one volume to a diffe ### Migrating Encrypting File System (EFS) certificates and files -To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the `/efs:hardlink` option in the `Scanstate.exe` command-line syntax. +To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the `/efs:hardlink` option in the `ScanState.exe` command-line syntax. If the EFS files are being restored to a different partition, you should use the `/efs:copyraw` option instead of the `/efs:hardlink` option. Hard links can only be created for files on the same volume. Moving the files to another partition during the migration requires a copy of the files to be created on the new partition. The `/efs:copyraw` option will copy the files to the new partition in encrypted format. @@ -123,7 +123,7 @@ Files that are locked by the operating system can't remain in place and must be Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service isn't being utilized. The volume shadow-copy service can't be used with hard-link migrations. However, by modifying the new **<HardLinkStoreControl>** section in the `Config.xml` file, it's possible to enable the migration of files locked by an application. > [!IMPORTANT] -> There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the `Config.xml` file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use `USMTutils.exe` to schedule the migration store for deletion on the next restart. +> There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the `Config.xml` file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use `UsmtUtils.exe` to schedule the migration store for deletion on the next restart. ## XML elements in the Config.xml file diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index e70c3ef655..2571836634 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -38,14 +38,14 @@ This section explains the syntax and usage of the command-line options available The `LoadState.exe` command's syntax is: -> loadstate.exe *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] +> LoadState.exe *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] For example, to decrypt the store and migrate the files and settings to a computer, type the following command: -`loadstate.exe \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:13 /decrypt /key:"mykey"` +`LoadState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /v:13 /decrypt /key:"mykey"` ## Storage options @@ -54,10 +54,10 @@ USMT provides the following options that you can use to specify how and where th | Command-Line Option | Description | |--- |--- | | **StorePath** | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the `LoadState.exe` command. You can't specify more than one *StorePath*. | -| **/decrypt /key**:*KeyString*
or
**/decrypt /key**:"*Key String*"
or
**/decrypt /keyfile**:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you'll need to specify the encryption key in one of the following ways:
  • `/key`:*KeyString* specifies the encryption key. If there's a space in *KeyString*, you must surround the argument with quotation marks (`"`).
  • `/keyfile`:*FilePathAndName* specifies a text (`.txt`) file that contains the encryption key

*KeyString* can't exceed 256 characters.
The `/key` and `/keyfile` options can't be used on the same command line.
The `/decrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `LoadState.exe` command with these options will also have access to the encryption key.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey` | +| **/decrypt /key**:*KeyString*
or
**/decrypt /key**:"*Key String*"
or
**/decrypt /keyfile**:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you'll need to specify the encryption key in one of the following ways:
  • `/key`:*KeyString* specifies the encryption key. If there's a space in *KeyString*, you must surround the argument with quotation marks (`"`).
  • `/keyfile`:*FilePathAndName* specifies a text (`.txt`) file that contains the encryption key

*KeyString* can't exceed 256 characters.
The `/key` and `/keyfile` options can't be used on the same command line.
The `/decrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `LoadState.exe` command with these options will also have access to the encryption key.

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /decrypt /key:mykey` | | **/decrypt**:*"encryption strength"* | The `/decrypt` option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | | **/hardlink** | Enables user-state data to be restored from a hard-link migration store. The `/nocompress` parameter must be specified with `/hardlink` option. | -| **/nocompress** | Specifies that the store isn't compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option can't be used with the `/decrypt` option.
For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress` | +| **/nocompress** | Specifies that the store isn't compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option can't be used with the `/decrypt` option.
For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /nocompress` | ## Migration rule options @@ -66,7 +66,7 @@ USMT provides the following options to specify what files you want to migrate. | Command-Line Option | Description | |--- |--- | | **/i**:[*Path*]*FileName* | **(include)**
Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (`MigApp.xml`, `MigSys.xml`, `MigDocs.xml` and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) article. | -| **/config**:[*Path*]*FileName* | Specifies the `Config.xml` file that the `LoadState.exe` command should use. You can't specify this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the *FileName* must be located in the current directory.

This example migrates the files and settings based on the rules in the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:

`loadstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log` | +| **/config**:[*Path*]*FileName* | Specifies the `Config.xml` file that the `LoadState.exe` command should use. You can't specify this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the *FileName* must be located in the current directory.

This example migrates the files and settings based on the rules in the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:

`LoadState.exe \server\share\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:5 /l:LoadState.log` | | **/auto**:*"path to script files"* | This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i:MigDocs.xml` `/i:MigApp.xml /v:5`. | ## Monitoring options @@ -76,8 +76,8 @@ USMT provides several command-line options that you can use to analyze problems | Command-Line Option | Description | |--- |--- | | **/l**:[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can specify the `/v` option to adjust the verbosity of the log.

If you run the `LoadState.exe` command from a shared network resource, you must specify the `l` option, or USMT will fail with the error:

***USMT was unable to create the log file(s)***

To fix this issue, make sure to specify the `/l` option when running `LoadState.exe` from a shared network resource. | -| **/v**:*``* | **(Verbosity)**

Enables verbose output in the **LoadState** log file. The default value is 0.
You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`loadstate.exe \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml` | -| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:loadlog.log` | +| **/v**:*``* | **(Verbosity)**

Enables verbose output in the **LoadState** log file. The default value is 0.
You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`LoadState.exe \server\share\migration\mystore /v:5 /i:MigDocs.xml /i:MigApp.xml` | +| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /progress:Progress.log /l:loadlog.log` | | **/c** | When this option is specified, the `LoadState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit on the computer, the `LoadState.exe` command will log an error and continue with the migration. Without the `/c` option, the `LoadState.exe` command will exit on the first error. You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This error control enables the `/c` command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the `/genconfig` option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the `Config.xml` file. | | **/r**:*``* | **(Retry)**

Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity isn't reliable.

While restoring the user state, the `/r` option won't recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | | **/w**:*``* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | @@ -91,12 +91,12 @@ By default, all users are migrated. The only way to specify which users to inclu |--- |--- | | **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to use the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | | **/ui**:*DomainName UserName*
or
**/ui**:*"DomainName User Name"*
or
**/ui**:*ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` option. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotations marks (`"`).

For example, to include only **User2** from the Corporate domain, enter:

`/ue:* /ui:corporate\user2`

**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | -| **/uel**:*``*
or
**/uel**:*``*
or
**/uel**:0 | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the `ScanState.exe` command is run. You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed into another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the `ScanState.exe` command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or whose accounts have been modified since February 15, 2020.

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | -| **/ue**:*DomainName\UserName*
or
**/ue** *"DomainName\User Name"*
or
**/ue**:*ComputerName\LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options but you can't use the `/ue` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).

For example:
`loadstate.exe/i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | -| **/md**:*OldDomain*:*NewDomain*
or
**/md**:*LocalComputerName:NewDomain* | **(Move domain)**

Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple `/md` options if you're consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two `/md` commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that didn't exist on the source computer, the `LoadState.exe` command will appear to complete successfully, without an error or warning. However, in this case, users won't be moved to *NewDomain* but will remain in their original domain. For example, if you misspell **contoso** and you instead specify **/md:contso:fabrikam**, the users will remain in **contoso** on the destination computer.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
` /progress:prog.log /l:load.log /md:contoso:fabrikam` | -| **/mu**:*OldDomain OldUserName*:[*NewDomain*]*NewUserName*
or
**/mu**:*OldLocalUserName*:*NewDomain NewUserName* | **(Move user)**

Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple `/mu` options. You can't use wildcard characters with this option.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1` | -| **/lac**:[*Password*] | **(Local account create)**

Specifies that if a user account is a local (non-domain) account, and it doesn't exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the `/lae` option.

If the `/lac` option isn't specified, any local user accounts that don't already exist on the destination computer won't be migrated.

*Password* is the password for the newly created account. An empty password is used by default.
**Caution**
Use the *Password* variable with caution because it's provided in plain text and can be obtained by anyone with access to the computer that is running the `LoadState.exe` command.
Also, if the computer has multiple users, all migrated users will have the same password.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | -| `/lae` | **(Local account enable)**

Enables the account that was created with the `/lac` option. You must specify the `/lac` option with this option.

For example:
`loadstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /lac:password /lae`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | +| **/uel**:*``*
or
**/uel**:*``*
or
**/uel**:0 | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the `ScanState.exe` command is run. You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed into another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the `ScanState.exe` command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or whose accounts have been modified since February 15, 2020.

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /uel:0` | +| **/ue**:*DomainName\UserName*
or
**/ue** *"DomainName\User Name"*
or
**/ue**:*ComputerName\LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options but you can't use the `/ue` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/md**:*OldDomain*:*NewDomain*
or
**/md**:*LocalComputerName:NewDomain* | **(Move domain)**

Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple `/md` options if you're consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two `/md` commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that didn't exist on the source computer, the `LoadState.exe` command will appear to complete successfully, without an error or warning. However, in this case, users won't be moved to *NewDomain* but will remain in their original domain. For example, if you misspell **contoso** and you instead specify **/md:contso:fabrikam**, the users will remain in **contoso** on the destination computer.

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`
` /progress:Progress.log /l:LoadState.log /md:contoso:fabrikam` | +| **/mu**:*OldDomain OldUserName*:[*NewDomain*]*NewUserName*
or
**/mu**:*OldLocalUserName*:*NewDomain NewUserName* | **(Move user)**

Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple `/mu` options. You can't use wildcard characters with this option.

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`
`/progress:Progress.log /l:LoadState.log /mu:contoso\user1:fabrikam\user1` | +| **/lac**:[*Password*] | **(Local account create)**

Specifies that if a user account is a local (non-domain) account, and it doesn't exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the `/lae` option.

If the `/lac` option isn't specified, any local user accounts that don't already exist on the destination computer won't be migrated.

*Password* is the password for the newly created account. An empty password is used by default.
**Caution**
Use the *Password* variable with caution because it's provided in plain text and can be obtained by anyone with access to the computer that is running the `LoadState.exe` command.
Also, if the computer has multiple users, all migrated users will have the same password.

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | +| `/lae` | **(Local account enable)**

Enables the account that was created with the `/lac` option. You must specify the `/lac` option with this option.

For example:
`LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`
`/progress:Progress.log /l:LoadState.log /lac:password /lae`

For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | ### Examples for the /ui and /ue options diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 9398cfb280..49cb9e9da6 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -31,7 +31,7 @@ The following table describes each command-line option related to logs, and it p |Command line Option|File Name|Description| |--- |--- |--- | -|**/l**"*[Path]FileName*|`Scanstate.log` or `LoadState.log`|Specifies the path and file name of the **ScanState** log or **LoadState** log.| +|**/l**"*[Path]FileName*|`ScanState.exe.log` or `LoadState.log`|Specifies the path and file name of the **ScanState** log or **LoadState** log.| |**/progress**:*[Path]FileName*|Specifies the path and file name of the Progress log.|Provides information about the status of the migration, by percentage complete.| |**/v**:*[VerbosityLevel]*|Not applicable|See [Monitoring options](usmt-scanstate-syntax.md#monitoring-options) in [ScanState syntax](usmt-scanstate-syntax.md).| |**/listfiles**:*[Path]FileName*|Specifies the path and file name of the Listfiles log.|Provides a list of the files that were migrated.| diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 4a3750a1f2..148ccbacad 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -13,7 +13,7 @@ ms.technology: itpro-deploy # Migrate User Accounts -By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You can't specify users in the migration XML files or by using the Config.xml file. +By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You can't specify users in the migration XML files or by using the `Config.xml` file. ## To migrate all user accounts and user settings @@ -21,24 +21,24 @@ Links to detailed explanations of commands are available in the [Related article 1. Sign into the source computer as an administrator. -2. Enter the following `scanstate.exe` command line in a command prompt window: +2. Enter the following `ScanState.exe` command line in a command prompt window: - `scanstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /o` + `ScanState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml /o` 3. Sign into the destination computer as an administrator. -4. Enter one of the following `loadstate.exe` command lines in a command prompt window: +4. Enter one of the following `LoadState.exe ` command lines in a command prompt window: - If you're migrating domain accounts, enter: ``` syntax - loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml + LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml ``` - If you're migrating local accounts along with domain accounts, enter: ``` syntax - loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae + LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml /lac /lae ``` > [!NOTE] @@ -50,15 +50,15 @@ Links to detailed explanations of commands are available in the [Related article 1. Sign into the source computer as an administrator. -2. Enter the following `scanstate.exe` command line in a command prompt window: +2. Enter the following `ScanState.exe` command line in a command prompt window: - `scanstate.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:migdocs.xml /i:migapp.xml /o` + `ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml /o` 3. Sign into the destination computer as an administrator. -4. Enter the following `loadstate.exe` command line in a command prompt window: +4. Enter the following `LoadState.exe ` command line in a command prompt window: - `loadstate.exe \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` + `LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml` ## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain @@ -66,15 +66,15 @@ Links to detailed explanations of commands are available in the [Related article 1. Sign into the source computer as an administrator. -2. Enter the following `scanstate.exe` command line in a command prompt window: +2. Enter the following `ScanState.exe` command line in a command prompt window: - `scanstate.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:migdocs.xml /i:migapp.xml /o` + `ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:MigDocs.xml /i:MigApp.xml /o` 3. Sign into the destination computer as an administrator. -4. Enter the following `loadstate.exe` command line in a command prompt window: +4. Enter the following `LoadState.exe ` command line in a command prompt window: - `loadstate.exe \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:migdocs.xml /i:migapp.xml` + `LoadState.exe \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml` ## Related articles diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index bdbed437a0..b7896ba2dd 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -19,7 +19,7 @@ This article discusses User State Migration Tool (USMT) 10.0 options for migrati USMT enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES), in several bit-level options. AES is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data. -The encryption algorithm you choose must be specified for both the `ScanState.exe` and the `LoadState.exe` commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the `ScanState.exe` and the `LoadState.exe` command lines by using the `/encrypt`:*encryptionstrength* and the `/decrypt`:*encryptionstrength* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the `Usmtutils.exe` file to determine which encryption algorithms are available to the computers' locales before you begin the migration. +The encryption algorithm you choose must be specified for both the `ScanState.exe` and the `LoadState.exe` commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the `ScanState.exe` and the `LoadState.exe` command lines by using the `/encrypt`:*encryptionstrength* and the `/decrypt`:*encryptionstrength* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the `UsmtUtils.exe` file to determine which encryption algorithms are available to the computers' locales before you begin the migration. The following table describes the command-line encryption options in USMT. diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index 9fea9c01e5..d0f86bfc08 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -64,7 +64,7 @@ To open an elevated command prompt: ## Config.xml -### Specify the /c option and <ErrorControl> settings in the Config.xml file +### Specify the `/c` option and <ErrorControl> settings in the `Config.xml` file USMT will fail if it can't migrate a file or setting, unless you specify the `/c` option. When you specify the `/c` option, USMT logs an error each time it encounters a file that is in use that didn't migrate, but the migration won't be interrupted. In USMT, you can specify in the `Config.xml` file, which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml file](usmt-configxml-file.md#errorcontrol), [Log files](usmt-log-files.md), and [XML elements library](usmt-xml-elements-library.md). diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index a8904c9c4b..c2fbd59cd6 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -156,7 +156,7 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | | **Multiple Windows installations found** | Listfiles.txt couldn't be created. Verify that the location you specified for the creation of this file is valid. | -| **Software malfunction or unknown exception** | Check all loaded .xml files for errors, common error when using `/i` to load the Config.xml file. | +| **Software malfunction or unknown exception** | Check all loaded .xml files for errors, common error when using `/i` to load the `Config.xml` file. | | **Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries** | Verify that the offline input file is present and that it has valid entries. USMT couldn't find valid offline operating system. Verify your offline directory mapping. | ### 27: USMT_INVALID_STORE_LOCATION @@ -272,8 +272,8 @@ The following information lists each return code by numeric value, along with th | Error message | Troubleshooting, mitigation, workarounds | | --- | --- | -| **Error reading Config.xml** | Review ScanState log or LoadState log for details about command-line errors in the Config.xml file. | -| **File argument is invalid for /config** | Check the command line you used to load the Config.xml file. You can use online Help by typing `/?` on the command line. | +| **Error reading Config.xml** | Review ScanState log or LoadState log for details about command-line errors in the `Config.xml` file. | +| **File argument is invalid for /config** | Check the command line you used to load the `Config.xml` file. You can use online Help by typing `/?` on the command line. | ### 40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 8598c81042..b6105d7f11 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -39,15 +39,15 @@ This section explains the syntax and usage of the command-line options available The `ScanState.exe` command's syntax is: -> scanstate.exe \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\] +> ScanState.exe \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\] For example, to create a `Config.xml` file in the current directory, use: -`scanstate.exe /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13` +`ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:13` To create an encrypted store using the `Config.xml` file and the default migration .xml files, use: -`scanstate.exe \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:13 /encrypt /key:"mykey"` +`ScanState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /o /config:Config.xml /v:13 /encrypt /key:"mykey"` ## Storage options @@ -59,9 +59,9 @@ To create an encrypted store using the `Config.xml` file and the default migrati | **/o** | Required to overwrite any existing data in the migration store or `Config.xml` file. If not specified, the `ScanState.exe` command will fail if the migration store already contains data. You can't use this option more than once on a command line. | | **/vsc** | This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the **<ErrorControl>** section.

This option is only used with the **ScanState** executable file and can't be combined with the `/hardlink` option. | | **/hardlink** | Enables the creation of a hard-link migration store at the specified location. The `/nocompress` option must be specified with the `/hardlink` option. | -| **/encrypt** [{**/key:** *<KeyString>* | **/keyfile**:*<file>*]} | Encrypts the store with the specified key. Encryption is disabled by default. With this option, you'll need to specify the encryption key-in one of the following ways:
  • `/key`: *KeyString* specifies the encryption key. If there's a space in *KeyString*, you'll need to surround *KeyString* with quotation marks (`"`).
  • `/keyfile`: *FilePathAndName* specifies a text (`.txt`) file that contains the encryption key.

*KeyString* is recommended to be at least eight characters long, but it can't exceed 256 characters. The `/key` and `/keyfile` options can't be used on the same command line. The `/encrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `ScanState.exe` command with these options will also have access to the encryption key.

The following example shows the `ScanState.exe` command and the `/key` option:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /encrypt /key:mykey` | +| **/encrypt** [{**/key:** *<KeyString>* | **/keyfile**:*<file>*]} | Encrypts the store with the specified key. Encryption is disabled by default. With this option, you'll need to specify the encryption key-in one of the following ways:
  • `/key`: *KeyString* specifies the encryption key. If there's a space in *KeyString*, you'll need to surround *KeyString* with quotation marks (`"`).
  • `/keyfile`: *FilePathAndName* specifies a text (`.txt`) file that contains the encryption key.

*KeyString* is recommended to be at least eight characters long, but it can't exceed 256 characters. The `/key` and `/keyfile` options can't be used on the same command line. The `/encrypt` and `/nocompress` options can't be used on the same command line.
**Important**
Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `ScanState.exe` command with these options will also have access to the encryption key.

The following example shows the `ScanState.exe` command and the `/key` option:
`ScanState.exe /i:MigDocs.xml /i:MigApp.xml \server\share\migration\mystore /encrypt /key:mykey` | | **/encrypt**:*<EncryptionStrength>* | The `/encrypt` option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | -| **/nocompress** | Disables compression of data and saves the files to a hidden folder named "File" at *StorePath*\USMT. Compression is enabled by default. Combining the `/nocompress` option with the `/hardlink` option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you're combining the `/nocompress` option with the `/hardlink` option.

The `/nocompress` and `/encrypt` options can't be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the `LoadState.exe` command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

For example:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /nocompress` | +| **/nocompress** | Disables compression of data and saves the files to a hidden folder named "File" at *StorePath*\USMT. Compression is enabled by default. Combining the `/nocompress` option with the `/hardlink` option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you're combining the `/nocompress` option with the `/hardlink` option.

The `/nocompress` and `/encrypt` options can't be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the `LoadState.exe` command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

For example:
`ScanState.exe /i:MigDocs.xml /i:MigApp.xml \server\share\migration\mystore /nocompress` | ## Run the ScanState command on an offline Windows system @@ -89,7 +89,7 @@ There are several benefits to running the `ScanState.exe` command on an offline |Command-Line Option|Definition| |--- |--- | -|**/offline:** *"path to an offline.xml file"*|This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.| +|**/offline:** *"path to an Offline.xml file"*|This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.| |**/offlinewindir:** *"path to a Windows directory"*|This option specifies the offline Windows directory that the `ScanState.exe` command gathers user state from. The offline directory can be Windows.old when you run the `ScanState.exe` command in Windows or a Windows directory when you run the `ScanState.exe` command in WinPE.| |**/offlinewinold:** *"Windows.old directory"*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| @@ -100,8 +100,8 @@ USMT provides the following options to specify what files you want to migrate. | Command-Line Option | Description | |-----|-----| | **/i:**[*Path*]*FileName* | **(include)**

Specifies an .xml file that contains rules that define what user, application, or system state to migrate. You can specify this option multiple times to include all of your .xml files (`MigApp.xml`, `MigDocs.xml`, and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the [Frequently asked questions](usmt-faq.yml) article. | -| **/genconfig:**[*Path*]*FileName* | (Generate **Config.xml**)

Generates the optional `Config.xml` file, but doesn't create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the **/i** option, when you specify this option.

After you create this file, you'll need to make use of it with the `ScanState.exe` command using the **/config** option.

The only options that you can specify with this option are the `/i`, `/v`, and `/l` options. You can't specify *StorePath*, because the `/genconfig` option doesn't create a store. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

Examples:
  • The following example creates a `Config.xml` file in the current directory:
    `scanstate.exe /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
| -| **/config:**[*Path*]*FileName* | Specifies the `Config.xml` file that the `ScanState.exe` command should use to create the store. You can't use this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

The following example creates a store using the `Config.xml` file, `MigDocs.xml`, and `MigApp.xml` files:
`scanstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log`

The following example migrates the files and settings to the destination computer using the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:
`loadstate.exe \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` | +| **/genconfig:**[*Path*]*FileName* | (Generate **Config.xml**)

Generates the optional `Config.xml` file, but doesn't create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the **/i** option, when you specify this option.

After you create this file, you'll need to make use of it with the `ScanState.exe` command using the **/config** option.

The only options that you can specify with this option are the `/i`, `/v`, and `/l` options. You can't specify *StorePath*, because the `/genconfig` option doesn't create a store. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

Examples:
  • The following example creates a `Config.xml` file in the current directory:
    `ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:13`
| +| **/config:**[*Path*]*FileName* | Specifies the `Config.xml` file that the `ScanState.exe` command should use to create the store. You can't use this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

The following example creates a store using the `Config.xml` file, `MigDocs.xml`, and `MigApp.xml` files:
`ScanState.exe \server\share\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log`

The following example migrates the files and settings to the destination computer using the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:
`LoadState.exe \server\share\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:LoadState.log` | | **/auto:** *path to script files* | This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i: MigDocs.xml /i:MigApp.xml /v:5`. | | **/genmigxml:** *path to a file* | This option specifies that the `ScanState.exe` command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the `ScanState.exe` command is running. | | **/targetwindows8** | Optimizes `ScanState.exe` when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a `Config.xml` file by using the `/genconfig` option.** Using the `/targetwindows8` option optimizes the `Config.xml` file so that it only contains components that relate to Windows 8 or Windows 8.1.
  • **To create a migration store.** Using the `/targetwindows8` option ensures that the **ScanState** tool gathers the correct set of operating system settings. Without the `/targetwindows8` command-line option, some settings can be lost during the migration.
| @@ -119,12 +119,12 @@ USMT provides several options that you can use to analyze problems that occur du |-----|-----| | **/listfiles**:<FileName> | You can use the `/listfiles` command-line option with the `ScanState.exe` command to generate a text file that lists all of the files included in the migration. | | **/l:**[*Path*]*FileName* | Specifies the location and name of the **ScanState** log.

You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can use the `/v` option to adjust the amount of output.

If you run the `ScanState.exe` command from a shared network resource, you must specify the `/l` option, or USMT will fail with the following error:

***USMT was unable to create the log file(s)***

To fix this issue, make sure to specify the `/l` option when running `ScanState.exe` from a shared network resource. | -| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the **ScanState** log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`scanstate.exe \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml`| -| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`scanstate.exe /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log` | +| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the **ScanState** log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`ScanState.exe \server\share\migration\mystore /v:13 /i:MigDocs.xml /i:MigApp.xml`| +| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`ScanState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /progress:Progress.log /l:scanlog.log` | | **/c** | When this option is specified, the `ScanState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit in the store, the `ScanState.exe` command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the `/c` option, the `ScanState.exe` command will exit on the first error.

You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This advantage in the `Config.xml` file enables the `/c` command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /`genconfig` option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the `Config.xml` file. | | **/r:***<TimesToRetry>* | **(Retry)**

Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity isn't reliable.

While storing the user state, the `/r` option won't be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | | **/w:***<SecondsBeforeRetry>* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | -| **/p:***<pathToFile>* | When the `ScanState.exe` command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
`Scanstate.exe C:\MigrationLocation [additional parameters]`
`/p:"C:\MigrationStoreSize.xml"`

For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the `/p` option, without specifying *"pathtoafile"*, in USMT. If you specify only the `/p` option, the storage space estimations are created in the same manner as with USMT3.x releases. | +| **/p:***<pathToFile>* | When the `ScanState.exe` command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
`ScanState.exe C:\MigrationLocation [additional parameters]`
`/p:"C:\MigrationStoreSize.xml"`

For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the `/p` option, without specifying *"pathtoafile"*, in USMT. If you specify only the `/p` option, the storage space estimations are created in the same manner as with USMT3.x releases. | | **/?** or **/help** | Displays Help at the command line. | ## User options @@ -135,8 +135,8 @@ By default, all users are migrated. The only way to specify which users to inclu |-----|-----| | **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to specify the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | | **/ui**:*<DomainName>*\*<UserName>*
or
**/ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` or `/uel` options. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).
**Note**
If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

For example:
  • To include only **User2** from the Fabrikam domain, enter:

    `/ue:*\* /ui:fabrikam\user2`

  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, enter:

    `/uel:30 /ui:fabrikam\*`

    In this example, a user account from the Contoso domain that was last modified two months ago won't be migrated.

For more examples, see the descriptions of the `/ue` and `/ui` options in this table. | -| **/uel**:*<NumberOfDays>*
or
**/uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the `ScanState.exe` command is run.

You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.
  • `/uel:0` migrates any users who are currently logged on.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose account has been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or been modified February 15, 2020 or afterwards.

For example:
`scanstate.exe /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | -| **/ue**:*<DomainName>*\*<UserName>*
-or-

**/ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options. You can't use this option with the `/all` option. *<DomainName>* and *<UserName>* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks (`"`).

For example:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1` | +| **/uel**:*<NumberOfDays>*
or
**/uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the `ScanState.exe` command is run.

You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance isn't considered by USMT.
**Note**
The `/uel` option isn't valid in offline migrations.
  • `/uel:0` migrates any users who are currently logged on.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose account has been modified within the last 24 hours.
  • `/uel:2020/2/15` migrates users who have logged on or been modified February 15, 2020 or afterwards.

For example:
`ScanState.exe /i:MigApp.xml /i:MigDocs.xml \\server\share\migration\mystore /uel:0` | +| **/ue**:*<DomainName>*\*<UserName>*
-or-

**/ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple `/ue` options. You can't use this option with the `/all` option. *<DomainName>* and *<UserName>* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks (`"`).

For example:
`ScanState.exe /i:MigDocs.xml /i:MigApp.xml \\server\share\migration\mystore /ue:contoso\user1` | ## How to use /ui and /ue @@ -184,7 +184,7 @@ For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs- | **/efs:abort** | Causes the `ScanState.exe` command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default. | | **/efs:skip** | Causes the `ScanState.exe` command to ignore EFS files. | | **/efs:decryptcopy** | Causes the `ScanState.exe` command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file can't be decrypted. If the `ScanState.exe` command succeeds, the file will be unencrypted in the migration store, and once you run the `LoadState.exe` command, the file will be copied to the destination computer. | -| **/efs:copyraw** | Causes the `ScanState.exe` command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an `/efs` option. Therefore you should specify the `/efs:copyraw` option with the `ScanState.exe` command to migrate the encrypted file. Then, when you run the `LoadState.exe` command, the encrypted file and the EFS certificate will be automatically migrated.

For example:
`scanstate.exe /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /efs:copyraw`
**Important**
All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the **LoadState** tool. For more information, see [Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md).
| +| **/efs:copyraw** | Causes the `ScanState.exe` command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an `/efs` option. Therefore you should specify the `/efs:copyraw` option with the `ScanState.exe` command to migrate the encrypted file. Then, when you run the `LoadState.exe` command, the encrypted file and the EFS certificate will be automatically migrated.

For example:
`ScanState.exe /i:MigDocs.xml /i:MigApp.xml \server\share\migration\mystore /efs:copyraw`
**Important**
All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the **LoadState** tool. For more information, see [Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md).
| ## Incompatible command-line options diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index 2504eabb75..09ed7e6290 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -32,7 +32,7 @@ USMT includes three command-line tools: USMT also includes a set of three modifiable .xml files: -- MigApp.xml +- `MigApp.xml` - MigDocs.xml - MigUser.xml diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 240033409e..e686dbb4b4 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -27,15 +27,15 @@ The following table describes the XML elements and helper functions you can use ## <addObjects> -The <addObjects> element emulates the existence of one or more objects on the source computer. The child <object> elements provide the details of the emulated objects. If the content is a <script> element, the result of the invocation will be an array of objects. +The **<addObjects>** element emulates the existence of one or more objects on the source computer. The child **<object>** elements provide the details of the emulated objects. If the content is a <script> element, the result of the invocation will be an array of objects. - **Number of occurrences:** unlimited - **Parent elements:** [<rules>](#rules) -- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attributes) as child elements of this <object> element. +- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attributes) as child elements of this **<object>** element. -- **Optional child elements:** [<conditions>](#conditions), <condition>, [<script>](#script) +- **Optional child elements:** [<conditions>](#conditions), [<condition>](#condition), [<script>](#script) Syntax: @@ -44,7 +44,7 @@ Syntax: ``` -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -63,9 +63,9 @@ The following example is from the MigApp.xml file: ## <attributes> -The <attributes> element defines the attributes for a registry key or file. +The **<attributes>** element defines the attributes for a registry key or file. -- **Number of occurrences:** once for each <object> +- **Number of occurrences:** once for each [<object>](#object) - **Parent elements:** [<object>](#object) @@ -81,7 +81,7 @@ Syntax: |------|-----|----| | *Content* | Yes | The content depends on the type of object specified.
  • For files, the content can be a string containing any of the following attributes separated by commas:
    • Archive
    • Read-only
    • System
    • Hidden
  • For registry keys, the content can be one of the following types:
    • None
    • String
    • ExpandString
    • Binary
    • Dword
    • REG_SZ
| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -93,7 +93,7 @@ The following example is from the MigApp.xml file: ## <bytes> -You must specify the <bytes> element only for files because, if <location> corresponds to a registry key or a directory, then <bytes> will be ignored. +You must specify the **<bytes>** element only for files because, if **<location>** corresponds to a registry key or a directory, then **<bytes>** will be ignored. - **Number of occurrences:** zero or one @@ -110,10 +110,10 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | |string|No, default is No|Determines whether *Content* should be interpreted as a string or as bytes.| -|expand|No (default = Yes|When the expand parameter is Yes, the content of the <bytes> element is first expanded in the context of the source computer and then interpreted.| -|*Content*|Yes|Depends on the value of the string.
  • When the string is Yes: the content of the <bytes> element is interpreted as a string.
  • When the string is No: the content of the <bytes> element is interpreted as bytes. Each two characters represent the hexadecimal value of a byte. For example, "616263" is the representation for the "abc" ANSI string. A complete representation of the UNICODE string "abc" including the string terminator would be: "6100620063000000".
| +|expand|No (default = Yes|When the expand parameter is **Yes**, the content of the **<bytes>** element is first expanded in the context of the source computer and then interpreted.| +|*Content*|Yes|Depends on the value of the string.
  • When the string is **Yes**: the content of the **<bytes>** element is interpreted as a string.
  • When the string is **No**: the content of the **<bytes>** element is interpreted as bytes. Each two characters represent the hexadecimal value of a byte. For example, `616263` is the representation for the `abc` ANSI string. A complete representation of the UNICODE string `abc` including the string terminator would be: `6100620063000000`.
| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -125,13 +125,13 @@ The following example is from the MigApp.xml file: ## <commandLine> -You might want to use the <commandLine> element if you want to start or stop a service or application before or after you run the ScanState and LoadState tools. +You might want to use the **<commandLine>** element if you want to start or stop a service or application before or after you run the **ScanState** and **LoadState** tools. - **Number of occurrences:** unlimited - **Parent elements:** [<externalProcess>](#externalprocess) -- **Child elements:** none**** +- **Child elements:** none Syntax: @@ -145,9 +145,12 @@ Syntax: ## <component> -The <component> element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the MigApp.xml file, "Microsoft® Office 2003" is a component that contains another component, "Microsoft Office Access® 2003". You can use the child elements to define the component. +The **<component>** element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the `MigApp.xml` file, "Microsoft Office 2003" is a component that contains another component, "Microsoft Office Access 2003". You can use the child elements to define the component. -A component can be nested inside another component; that is, the <component> element can be a child of the <role> element within the <component> element in two cases: 1) when the parent <component> element is a container or 2) if the child <component> element has the same role as the parent <component> element. +A component can be nested inside another component; that is, the **<component>** element can be a child of the **<role>** element within the **<component>** element in two cases: + +1. When the parent **<component>** element is a container +2. If the child **<component>** element has the same role as the parent **<component>** element. - **Number of occurrences:** Unlimited @@ -167,26 +170,26 @@ hidden="Yes|No"> |Setting|Required?|Value| |--- |--- |--- | -| type | Yes | You can use the following to group settings, and define the type of the component.
  • **System:** Operating system settings. All Windows® components are defined by this type.
    When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.
  • **Application:** Settings for an application.
  • **Device:** Settings for a device.
  • **Documents:** Specifies files.
| -| context | No
Default = UserAndSystem | Defines the scope of this parameter; that is, whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If a <rules> element has a context of System, it would act as though the <rules> element is not there.
  • **User**. Evaluates the component for each user.
  • **System**. Evaluates the component only once for the system.
  • **UserAndSystem**. Evaluates the component for the entire operating system and each user.
| -| defaultSupported | No
(default = TRUE) | Can be any of TRUE, FALSE, YES, or NO. If this parameter is FALSE (or NO), the component will not be migrated unless there is an equivalent component on the destination computer.
When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers. | +| type | Yes | You can use the following to group settings, and define the type of the component.
  • **System:** Operating system settings. All Windows components are defined by this type.
    When **type="System"** and **defaultSupported="FALSE"** the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the `LoadState.exe` command line. For example, the default `MigSys.xml` file contains components with **type="System"** and **defaultSupported="FALSE"**. If you specify this file on the `ScanState.exe` command line, you must also specify the file on the `LoadState.exe` command line for the settings to migrate. This is because the `LoadState.exe` tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the **LoadState** tool will not migrate those settings from the store. This is helpful because you can use the same store for destination computers that are the same version of Windows and a different version of Windows as the source computer.
  • **Application:** Settings for an application.
  • **Device:** Settings for a device.
  • **Documents:** Specifies files.
| +| context | No
Default = UserAndSystem | Defines the scope of this parameter; that is, whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the **<component>** element. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it has a context of **User**. If a **<rules>** element has a context of **System**, it would act as though the **<rules>** element is not there.
  • **User**: Evaluates the component for each user.
  • **System**: Evaluates the component only once for the system.
  • **UserAndSystem**: Evaluates the component for the entire operating system and each user.
| +| defaultSupported | No
(default = TRUE) | Can be any of **TRUE**, **FALSE**, **YES**, or **NO**. If this parameter is **FALSE** (or **NO**), the component will not be migrated unless there is an equivalent component on the destination computer.
When **type="System"** and **defaultSupported="FALSE"** the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the `LoadState.exe` command line. For example, the default `MigSys.xml` file contains components with **type="System"** and **defaultSupported="FALSE"**. If you specify this file on the `ScanState.exe` command line, you must also specify the file on the `LoadState.exe` command line for the settings to migrate. This is because the **LoadState** tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the **LoadState** tool will not migrate those settings from the store. This is helpful because you can use the same store for destination computers that are the same version of Windows and a different version of Windows as the source computer. | | hidden | | This parameter is for internal USMT use only. | For an example, see any of the default migration .xml files. ## <condition> -Although the <condition> element under the <detect>, <objectSet>, and <addObjects> elements is supported, we recommend that you do not use it. This element might be deprecated in future versions of USMT, requiring you to rewrite your scripts. We recommend that, if you need to use a condition within the <objectSet> and <addObjects> elements, you use the more powerful [<conditions>](#conditions) element, which allows you to formulate complex Boolean statements. +Although the **<condition>** element under the **<detect>**, **<objectSet>**, and **<addObjects>** elements is still supported, it is recommend to no longer use the **<condition>** element because it may be deprecated in future versions of USMT. If the **<condition>** element were depecated, it would require a rewrite of any scripts that use the **<condition>** element. Instead, if you need to use a condition within the **<objectSet>** and **<addObjects>** elements, it is recommended to use the more powerful **[<conditions>](#conditions)** element. The **<conditions>** element allows for formulation of complex Boolean statements. -The <condition> element has a Boolean result. You can use this element to specify the conditions in which the parent element will be evaluated. If any of the present conditions return FALSE, the parent element will not be evaluated. +The **<condition>** element has a Boolean result. You can use this element to specify the conditions in which the parent element will be evaluated. If any of the present conditions return **FALSE**, the parent element will not be evaluated. - **Number of occurrences:** unlimited. -- **Parent elements:** [<conditions>](#conditions), <detect>, <objectSet>, <addObjects> +- **Parent elements:** [<conditions>](#conditions), [<detect>](#detect), [<objectSet>](#objectset), [<addObjects>](#addobjects) - **Child elements:** none -- **Helper functions:** You can use the following [<condition> functions](#condition-functions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. +- **Helper functions:** You can use the following [<condition> functions](#condition-functions) with this element: `DoesOSMatch`, `IsNative64Bit()`, `IsOSLaterThan`, `IsOSEarlierThan`, `DoesObjectExist`, `DoesFileVersionMatch`, `IsFileVersionAbove`, `IsFileVersionBelow`, `IsSystemContext`, `DoesStringContentEqual`, `DoesStringContentContain`, `IsSameObject`, `IsSameContent`, and `IsSameStringContent`. Syntax: @@ -196,12 +199,12 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|negation|No
Default = No|"Yes" reverses the True/False value of the condition.| +|negation|No
Default = No|**"Yes"** reverses the True/False value of the condition.| |*ScriptName*|Yes|A script that has been defined within this migration section.| For example, -In the code sample below, the <condition> elements, A and B, are joined together by the AND operator because they are in separate <conditions> sections. For example: +In the code sample below, the **<condition>** elements, A and B, are joined together by the **AND** operator because they are in separate **<conditions>** sections. For example: ```xml @@ -214,7 +217,7 @@ In the code sample below, the <condition> elements, A and B, are joined to ``` -However, in the code sample below, the <condition> elements, A and B, are joined together by the OR operator because they are in the same <conditions> section. +However, in the code sample below, the **<condition>** elements, **A** and **B**, are joined together by the **OR** operator because they are in the same **<conditions>** section. ```xml @@ -227,7 +230,7 @@ However, in the code sample below, the <condition> elements, A and B, are ### <condition> functions -The <condition> functions return a Boolean value. You can use these elements in <addObjects> conditions. +The **<condition>** functions return a Boolean value. You can use these elements in **<addObjects>** conditions. - [Operating system version functions](#operating-system-version-functions) @@ -243,7 +246,7 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*OSType*|Yes|The only valid value for this setting is **NT**. Note, however, that you must set this setting for the <condition> functions to work correctly.| + |*OSType*|Yes|The only valid value for this setting is **NT**. Note, however, that you must set this setting for the **<condition>** functions to work correctly.| |*OSVersion*|Yes|The major version, minor version, build number and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version with a pattern. For example, `5.0.*`.| For example: @@ -254,7 +257,7 @@ The <condition> functions return a Boolean value. You can use these elemen - **IsNative64Bit** - The IsNative64Bit function returns TRUE if the migration process is running as a native 64-bit process; that is, a process running on a 64-bit system without Windows on Windows (WOW). Otherwise, it returns FALSE. + The **IsNative64Bit** function returns **TRUE** if the migration process is running as a native 64-bit process; that is, a process running on a 64-bit system without Windows on Windows (WOW). Otherwise, it returns **FALSE**. - **IsOSLaterThan** @@ -264,8 +267,8 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and *OSType* is "9x", the result will be FALSE.| - |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

The IsOSLaterThan function returns TRUE if the current operating system is later than or equal to *OSVersion*.| + |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns **FALSE**. For example, if the current operating system is Windows NT-based and *OSType* is **"9x"**, the result will be **FALSE**.| + |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

The **IsOSLaterThan** function returns **TRUE** if the current operating system is later than or equal to *OSVersion*.| For example: @@ -281,23 +284,23 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and *OSType* is "9x" the result will be FALSE.| - |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

The IsOSEarlierThan function returns TRUE if the current operating system is earlier than *OSVersion*.| + |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns **FALSE**. For example, if the current operating system is Windows NT-based and *OSType* is **"9x"** the result will be **FALSE**.| + |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

The **IsOSEarlierThan** function returns **TRUE** if the current operating system is earlier than *OSVersion*.| ### Object content functions - **DoesObjectExist** - The DoesObjectExist function returns TRUE if any object exists that matches the location pattern. Otherwise, it returns FALSE. The location pattern is expanded before attempting the enumeration. + The DoesObjectExist function returns **TRUE** if any object exists that matches the location pattern. Otherwise, it returns **FALSE**. The location pattern is expanded before attempting the enumeration. Syntax: `DoesObjectExist("ObjectType","EncodedLocationPattern")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the object type. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [location pattern](#specifying-locations). Environment variables are allowed.| + |*EncodedLocationPattern*|Yes|The **[location pattern](#specifying-locations)**. Environment variables are allowed.| - For an example of this element, see the MigApp.xml file. + For an example of this element, see the `MigApp.xml` file. - **DoesFileVersionMatch** @@ -307,8 +310,8 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#valid-version-tags) value that will be checked.| + |*EncodedFileLocation*|Yes|The **[location pattern](#specifying-locations)** for the file that will be checked. Environment variables are allowed.| + |*VersionTag*|Yes|The **[version tag](#valid-version-tags)** value that will be checked.| |*VersionValue*|Yes|A string pattern. For example, "Microsoft*".| For example: @@ -319,14 +322,14 @@ The <condition> functions return a Boolean value. You can use these elemen - **IsFileVersionAbove** - The IsFileVersionAbove function returns TRUE if the version of the file is higher than *VersionValue*. + The **IsFileVersionAbove** function returns **TRUE** if the version of the file is higher than *VersionValue*. Syntax: `IsFileVersionAbove("EncodedFileLocation","VersionTag","VersionValue")` |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#valid-version-tags) value that will be checked.| + |*EncodedFileLocation*|Yes|The **[location pattern](#specifying-locations)** for the file that will be checked. Environment variables are allowed.| + |*VersionTag*|Yes|The **[version tag](#valid-version-tags)** value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| - **IsFileVersionBelow** @@ -335,26 +338,26 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#specifying-locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#valid-version-tags) value that will be checked.| + |*EncodedFileLocation*|Yes|The **[location pattern](#specifying-locations)** for the file that will be checked. Environment variables are allowed.| + |*VersionTag*|Yes|The **[version tag](#valid-version-tags)** value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| - **IsSystemContext** - The IsSystemContext function returns TRUE if the current context is "System". Otherwise, it returns FALSE. + The **IsSystemContext** function returns **TRUE** if the current context is **"System"**. Otherwise, it returns **FALSE**. Syntax: `IsSystemContext()` - **DoesStringContentEqual** - The DoesStringContentEqual function returns TRUE if the string representation of the given object is identical to `StringContent`. + The **DoesStringContentEqual** function returns **TRUE** if the string representation of the given object is identical to `StringContent`. Syntax: `DoesStringContentEqual("ObjectType","EncodedLocation","StringContent")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [encoded location](#specifying-locations) for the object that will be examined. You can specify environment variables.| + |*EncodedLocationPattern*|Yes|The **[encoded location](#specifying-locations)** for the object that will be examined. You can specify environment variables.| |StringContent|Yes|The string that will be checked against.| For example: @@ -365,27 +368,27 @@ The <condition> functions return a Boolean value. You can use these elemen - **DoesStringContentContain** - The DoesStringContentContain function returns TRUE if there is at least one occurrence of *StrToFind* in the string representation of the object. + The **DoesStringContentContain** function returns **TRUE** if there is at least one occurrence of *StrToFind* in the string representation of the object. Syntax: `DoesStringContentContain("ObjectType","EncodedLocation","StrToFind")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [encoded location](#specifying-locations) for the object that will be examined. You can specify environment variables.| + |*EncodedLocationPattern*|Yes|The **[encoded location](#specifying-locations)** for the object that will be examined. You can specify environment variables.| |*StrToFind*|Yes|A string that will be searched inside the content of the given object.| - **IsSameObject** - The IsSameObject function returns TRUE if the given encoded locations resolve to the same physical object. Otherwise, it returns FALSE. + The **IsSameObject** function returns **TRUE** if the given encoded locations resolve to the same physical object. Otherwise, it returns **FALSE**. Syntax: `IsSameObject("ObjectType","EncodedLocation1","EncodedLocation2")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#specifying-locations) for the first object. You can specify environment variables.| - |*EncodedLocation2*|Yes|The [encoded location](#specifying-locations) for the second object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The **[encoded location](#specifying-locations)** for the first object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The **[encoded location](#specifying-locations)** for the second object. You can specify environment variables.| For example: @@ -398,35 +401,35 @@ The <condition> functions return a Boolean value. You can use these elemen - **IsSameContent** - The IsSameContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be compared byte by byte. + The **IsSameContent** function returns **TRUE** if the given objects have the same content. Otherwise, it returns **FALSE**. The content will be compared byte by byte. Syntax: `IsSameContent("ObjectType1","EncodedLocation1","ObjectType2","EncodedLocation2")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType1*|Yes|Defines the type of the first object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#specifying-locations) for the first object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The **[encoded location](#specifying-locations)** for the first object. You can specify environment variables.| |*ObjectType2*|Yes|Defines the type of the second object. Can be File or Registry.| - |*EncodedLocation2*|Yes|The [encoded location](#specifying-locations) for the second object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The **[encoded location](#specifying-locations)** for the second object. You can specify environment variables.| - **IsSameStringContent** - The IsSameStringContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be interpreted as a string. + The **IsSameStringContent** function returns **TRUE** if the given objects have the same content. Otherwise, it returns **FALSE**. The content will be interpreted as a string. Syntax: `IsSameStringContent("ObjectType1","EncodedLocation1","ObjectType2","EncodedLocation2")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType1*|Yes|Defines the type of the first object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#specifying-locations) for the first object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The **[encoded location](#specifying-locations)** for the first object. You can specify environment variables.| |*ObjectType2*|Yes|Defines the type of the second object. Can be File or Registry.| - |*EncodedLocation2*|Yes|The [encoded location](#specifying-locations) for the second object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The **[encoded location](#specifying-locations)** for the second object. You can specify environment variables.| ## <conditions> -The <conditions> element returns a Boolean result that is used to specify the conditions in which the parent element is evaluated. USMT evaluates the child elements, and then joins their results using the operators AND or OR according to the **operation** parameter. +The **<conditions>** element returns a Boolean result that is used to specify the conditions in which the parent element is evaluated. USMT evaluates the child elements, and then joins their results using the operators **AND** or **OR** according to the operation parameter. -- **Number of occurrences:** Unlimited inside another <conditions> element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) +- **Number of occurrences:** Unlimited inside another **<conditions>** element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) - **Parent elements:** [<conditions>](#conditions), [<detection>](#detection), [<environment>](#environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) @@ -443,7 +446,7 @@ Syntax: |--- |--- |--- | |operation|No, default = AND|Defines the Boolean operation that is performed on the results that are obtained from the child elements.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -458,7 +461,7 @@ The following example is from the MigApp.xml file: ## <content> -You can use the <content> element to specify a list of object patterns to obtain an object set from the source computer. Each <objectSet> within a <content> element is evaluated. For each resulting object pattern list, the objects that match it are enumerated and their content is filtered by the filter parameter. The resulting string array is the output for the <content> element. The filter script returns an array of locations. The parent <objectSet> element can contain multiple child <content> elements. +You can use the **<content>** element to specify a list of object patterns to obtain an object set from the source computer. Each **<objectSet>** within a **<content>** element is evaluated. For each resulting object pattern list, the objects that match it are enumerated and their content is filtered by the filter parameter. The resulting string array is the output for the **<content>** element. The filter script returns an array of locations. The parent **<objectSet>** element can contain multiple child **<content>** elements. - **Number of occurrences:** unlimited @@ -466,7 +469,7 @@ You can use the <content> element to specify a list of object patterns to - **Child elements:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<content> functions](#content-functions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. +- **Helper functions:** You can use the following [<content> functions](#content-functions) with this element: `ExtractSingleFile`, `ExtractMultipleFiles`, and `ExtractDirectory`. Syntax: @@ -477,22 +480,22 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script is called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script is called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| ### <content> functions -The following functions generate patterns out of the content of an object. These functions are called for every object that the parent <ObjectSet> element is enumerating. +The following functions generate patterns out of the content of an object. These functions are called for every object that the parent **<ObjectSet>** element is enumerating. - **ExtractSingleFile** - If the registry value is a MULTI-SZ, only the first segment is processed. The returned pattern is the encoded location for a file that must exist on the system. If the specification is correct in the registry value, but the file does not exist, this function returns NULL. + If the registry value is a **MULTI-SZ**, only the first segment is processed. The returned pattern is the encoded location for a file that must exist on the system. If the specification is correct in the registry value, but the file does not exist, this function returns **NULL**. Syntax: `ExtractSingleFile(Separators,PathHints)` |Setting|Required?|Value| |--- |--- |--- | - |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You can specify NULL.| - |*PathHints*|Yes|A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.| + |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is **"C:\Windows\Notepad.exe,-2"**, the separator is a comma. You can specify **NULL**.| + |*PathHints*|Yes|A list of extra paths, separated by colons (`;`), where the function will look for a file matching the current content. For example, if the content is **"Notepad.exe"** and the path is the **%Path%** environment variable, the function will find **Notepad.exe** in `%windir%` and returns **"c:\Windows [Notepad.exe]"**. You can specify **NULL**.| For example: @@ -508,7 +511,7 @@ The following functions generate patterns out of the content of an object. These - **ExtractMultipleFiles** - The ExtractMultipleFiles function returns multiple patterns, one for each file that is found in the content of the given registry value. If the registry value is a MULTI-SZ, the MULTI-SZ separator is considered a separator by default. therefore, for MULTI-SZ, the <Separators> argument must be NULL. + The **ExtractMultipleFiles** function returns multiple patterns, one for each file that is found in the content of the given registry value. If the registry value is a **MULTI-SZ**, the **MULTI-SZ** separator is considered a separator by default. therefore, for **MULTI-SZ**, the **<Separators>** argument must be **NULL**. The returned patterns are the encoded locations for files that must exist on the source computer. If the specification is correct in the registry value but the file does not exist, it will not be included in the resulting list. @@ -516,18 +519,18 @@ The following functions generate patterns out of the content of an object. These |Setting|Required?|Value| |--- |--- |--- | - |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. This parameter must be NULL when processing MULTI-SZ registry values.| - |*PathHints*|Yes|A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.| + |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is **"C:\Windows\Notepad.exe,-2"**, the separator is a comma. This parameter must be NULL when processing **MULTI-SZ** registry values.| + |*PathHints*|Yes|A list of extra paths, separated by colons (`;`), where the function will look for a file matching the current content. For example, if the content is **"Notepad.exe"** and the path is the **%Path%** environment variable, the function will find **Notepad.exe** in `%windir%` and returns **"c:\Windows [Notepad.exe]"**. You can specify **NULL**.| - **ExtractDirectory** - The ExtractDirectory function returns a pattern that is the encoded location for a directory that must exist on the source computer. If the specification is correct in the registry value, but the directory does not exist, this function returns NULL. If it is processing a registry value that is a MULTI-SZ, only the first segment will be processed. + The **ExtractDirectory** function returns a pattern that is the encoded location for a directory that must exist on the source computer. If the specification is correct in the registry value, but the directory does not exist, this function returns **NULL**. If it is processing a registry value that is a **MULTI-SZ**, only the first segment will be processed. Syntax: `ExtractDirectory(Separators,LevelsToTrim,PatternSuffix)` |Setting|Required?|Value| |--- |--- |--- | - |*Separators*|No|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You must specify NULL when processing MULTI-SZ registry values.| + |*Separators*|No|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is **"C:\Windows\Notepad.exe,-2"**, the separator is a comma. You must specify **NULL** when processing **MULTI-SZ** registry values.| |*LevelsToTrim*|Yes|The number of levels to delete from the end of the directory specification. Use this function to extract a root directory when you have a registry value that points inside that root directory in a known location.| |*PatternSuffix*|Yes|The pattern to add to the directory specification. For example, `* [*]`.| @@ -545,7 +548,7 @@ The following functions generate patterns out of the content of an object. These ## <contentModify> -The <contentModify> element modifies the content of an object before it is written to the destination computer. For each <contentModify> element there can be multiple <objectSet> elements. This element returns the new content of the object that is being processed. +The **<contentModify>** element modifies the content of an object before it is written to the destination computer. For each **<contentModify>** element there can be multiple **<objectSet>** elements. This element returns the new content of the object that is being processed. - **Number of occurrences:** Unlimited @@ -553,7 +556,7 @@ The <contentModify> element modifies the content of an object before it is - **Required child elements:** [<objectSet>](#objectset) -- **Helper functions**: You can use the following [<contentModify> functions](#contentmodify-functions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. +- **Helper functions**: You can use the following [<contentModify> functions](#contentmodify-functions) with this element: **ConvertToDWORD**, **ConvertToString**, **ConvertToBinary**, **KeepExisting**, **OffsetValue**, **SetValueByTable**, **MergeMultiSzContent**, and **MergeDelimitedContent**. Syntax: @@ -564,31 +567,31 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2").`

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2").`

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| ### <contentModify> functions -The following functions change the content of objects as they are migrated. These functions are called for every object that the parent <ObjectSet> element is enumerating. +The following functions change the content of objects as they are migrated. These functions are called for every object that the parent **<ObjectSet>** element is enumerating. - **ConvertToDWORD** - The ConvertToDWORD function converts the content of registry values that are enumerated by the parent <ObjectSet> element to a DWORD. For example, ConvertToDWORD will convert the string "1" to the DWORD 0x00000001. If the conversion fails, then the value of DefaultValueOnError will be applied. + The **ConvertToDWORD** function converts the content of registry values that are enumerated by the parent **<ObjectSet>** element to a DWORD. For example, **ConvertToDWORD** will convert the string `"1"` to the DWORD `0x00000001`. If the conversion fails, then the value of **DefaultValueOnError** will be applied. Syntax: `ConvertToDWORD(DefaultValueOnError)` |Setting|Required?|Value| |--- |--- |--- | - |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.| + |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify **NULL**, and `0` will be written if the conversion fails.| - **ConvertToString** - The ConvertToString function converts the content of registry values that match the parent <ObjectSet> element to a string. For example, it will convert the DWORD 0x00000001 to the string "1". If the conversion fails, then the value of DefaultValueOnError will be applied. + The **ConvertToString** function converts the content of registry values that match the parent **<ObjectSet>** element to a string. For example, it will convert the DWORD `0x00000001` to the string **"1"**. If the conversion fails, then the value of **DefaultValueOnError** will be applied. Syntax: `ConvertToString(DefaultValueOnError)` |Setting|Required?|Value| |--- |--- |--- | - |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.| + |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify **NULL**, and `0` will be written if the conversion fails.| For example: @@ -602,13 +605,13 @@ The following functions change the content of objects as they are migrated. Thes - **ConvertToBinary** - The ConvertToBinary function converts the content of registry values that match the parent <ObjectSet> element to a binary type. + The **ConvertToBinary** function converts the content of registry values that match the parent **<ObjectSet>** element to a binary type. Syntax: `ConvertToBinary ()` - **OffsetValue** - The OffsetValue function adds or subtracts *Value* from the value of the migrated object, and then writes the result back into the registry value on the destination computer. For example, if the migrated object is a DWORD with a value of 14, and the *Value* is "-2", the registry value will be 12 on the destination computer. + The **OffsetValue** function adds or subtracts *Value* from the value of the migrated object, and then writes the result back into the registry value on the destination computer. For example, if the migrated object is a DWORD with a value of `14`, and the *Value* is **"-2"**, the registry value will be `12` on the destination computer. Syntax: `OffsetValue(Value)` @@ -618,7 +621,7 @@ The following functions change the content of objects as they are migrated. Thes - **SetValueByTable** - The SetValueByTable function matches the value from the source computer to the source table. If the value is there, the equivalent value in the destination table will be applied. If the value is not there, or if the destination table has no equivalent value, the *DefaultValueOnError* will be applied. + The **SetValueByTable** function matches the value from the source computer to the source table. If the value is there, the equivalent value in the destination table will be applied. If the value is not there, or if the destination table has no equivalent value, the *DefaultValueOnError* will be applied. Syntax: `SetValueByTable(SourceTable,DestinationTable,DefaultValueOnError)` @@ -626,21 +629,21 @@ The following functions change the content of objects as they are migrated. Thes |--- |--- |--- | |*SourceTable*|Yes|A list of values separated by commas that are possible for the source registry values.| |*DestinationTable*|No|A list of translated values separated by commas.| - |*DefaultValueOnError*|No|The value that will be applied to the destination computer if either 1) the value for the source computer does not match *SourceTable*, or 2) *DestinationTable* has no equivalent value.

If DefaultValueOnError is NULL, the value will not be changed on the destination computer.| + |*DefaultValueOnError*|No|The value that will be applied to the destination computer if either
  1. The value for the source computer does not match *SourceTable*
  2. *DestinationTable* has no equivalent value.

If **DefaultValueOnError** is **NULL**, the value will not be changed on the destination computer.| - **KeepExisting** - You can use the KeepExisting function when there are conflicts on the destination computer. This function will keep (not overwrite) the specified attributes for the object that is on the destination computer. + You can use the **KeepExisting** function when there are conflicts on the destination computer. This function will keep (not overwrite) the specified attributes for the object that is on the destination computer. Syntax: `KeepExisting("OptionString","OptionString","OptionString",…)` |Setting|Required?|Value| |--- |--- |--- | - | *OptionString* | Yes | *OptionString* can be **Security**, **TimeFields**, or **FileAttrib**:*Letter*. You can specify one of each type of *OptionStrings*. Do not specify multiple *OptionStrings* with the same value. If you do, the right-most option of that type will be kept. For example, do not specify **("FileAttrib:H", "FileAttrib:R")** because only Read-only will be evaluated. Instead specify **("FileAttrib:HR")** and both Hidden and Read-only attributes will be kept on the destination computer.
  • **Security**. Keeps the destination object's security descriptor if it exists.
  • **TimeFields**. Keeps the destination object's time stamps. This parameter is for files only.
  • **FileAttrib:** *Letter*. Keeps the destination object's attribute value, either On or OFF, for the specified set of file attributes. This parameter is for files only. The following are case-insensitive, but USMT will ignore any values that are invalid, repeated, or if there is a space after "FileAttrib:". You can specify any combination of the following attributes:
    • **A** = Archive
    • **C** = Compressed
    • **E** = Encrypted
    • **H** = Hidden
    • **I** = Not Content Indexed
    • **O** = Offline
    • **R** = Read-Only
    • **S** = System
    • **T** = Temporary
| + | *OptionString* | Yes | *OptionString* can be **Security**, **TimeFields**, or **FileAttrib**:*Letter*. You can specify one of each type of *OptionStrings*. Do not specify multiple *OptionStrings* with the same value. If you do, the right-most option of that type will be kept. For example, do not specify **("FileAttrib:H", "FileAttrib:R")** because only Read-only will be evaluated. Instead specify **("FileAttrib:HR")** and both Hidden and Read-only attributes will be kept on the destination computer.
  • **Security**: Keeps the destination object's security descriptor if it exists.
  • **TimeFields**: Keeps the destination object's time stamps. This parameter is for files only.
  • **FileAttrib:<Letter>**: Keeps the destination object's attribute value, either **ON** or **OFF**, for the specified set of file attributes. This parameter is for files only. The following are case-insensitive, but USMT will ignore any values that are invalid, repeated, or if there is a space after **FileAttrib:**. You can specify any combination of the following attributes:
    • **A** = Archive
    • **C** = Compressed
    • **E** = Encrypted
    • **H** = Hidden
    • **I** = Not Content Indexed
    • **O** = Offline
    • **R** = Read-Only
    • **S** = System
    • **T** = Temporary
| - **MergeMultiSzContent** - The MergeMultiSzContent function merges the MULTI-SZ content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting MULTI-SZ. Duplicate elements will be removed. + The **MergeMultiSzContent** function merges the **MULTI-SZ** content of the registry values that are enumerated by the parent **<ObjectSet>** element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting **MULTI-SZ**. Duplicate elements will be removed. Syntax: `MergeMultiSzContent (Instruction,String,Instruction,String,…)` @@ -651,19 +654,19 @@ The following functions change the content of objects as they are migrated. Thes - **MergeDelimitedContent** - The MergeDelimitedContent function merges the content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. The content is considered a list of elements separated by one of the characters in the Delimiters parameter. Duplicate elements will be removed. + The **MergeDelimitedContent** function merges the content of the registry values that are enumerated by the parent **<ObjectSet>** element with the content of the equivalent registry values that already exist on the destination computer. The content is considered a list of elements separated by one of the characters in the Delimiters parameter. Duplicate elements will be removed. Syntax: `MergeDelimitedContent(Delimiters,Instruction,String,…)` |Setting|Required?|Value| |--- |--- |--- | - | *Delimiters* | Yes | A single character that will be used to separate the content of the object that is being processed. The content will be considered as a list of elements that is separated by the *Delimiters*.
For example, "." will separate the string based on a period. | - | *Instruction* | Yes | Can one of the following:
  • **Add.** Adds *String* to the resulting MULTI-SZ if it is not already there.
  • **Remove.** Removes *String* from the resulting MULTI-SZ.
| + | *Delimiters* | Yes | A single character that will be used to separate the content of the object that is being processed. The content will be considered as a list of elements that is separated by the *Delimiters*.
For example, `"."` will separate the string based on a period. | + | *Instruction* | Yes | Can be one of the following:
  • **Add**: Adds *String* to the resulting MULTI-SZ if it is not already there.
  • **Remove**: Removes *String* from the resulting MULTI-SZ.
| | *String* | Yes | The string to be added or removed. | ## <description> -The <description> element defines a description for the component but does not affect the migration. +The **<description>** element defines a description for the component but does not affect the migration. - **Number of occurrences:** zero or one @@ -689,12 +692,12 @@ The following code sample shows how the <description> element defines the ## <destinationCleanup> -The <destinationCleanup> element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the LoadState tool is run on the destination computer. That is, this element is ignored by the ScanState tool. +The **<destinationCleanup>** element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the **LoadState** tool is run on the destination computer. That is, this element is ignored by the **ScanState** tool. > [!IMPORTANT] > Use this option with extreme caution because it will delete objects from the destination computer. -For each <destinationCleanup> element there can be multiple <objectSet> elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. +For each **<destinationCleanup>** element there can be multiple **<objectSet>** elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. - **Number of occurrences:** Unlimited @@ -711,7 +714,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| For example: @@ -726,15 +729,15 @@ For example: ## <detect> -Although the <detect> element is still supported, we do not recommend using it because it may be deprecated in future versions of USMT. In that case, you would have to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection)**element.** +Although the **<detect>** element is still supported, it is recommend to no longer use the **<detect>** element because it may be deprecated in future versions of USMT. If the **<detect>** element were depecated, it would require a rewrite of any scripts that use the **<detect>** element. Instead, it is recommend to use the **[<detection>](#detection)** element. The **<detection>** element allows for more clearly formulated complex Boolean statements -You use the <detect> element to determine if the component is present on a system. If all child <detect> elements within a <detect> element resolve to TRUE, then the <detect> element resolves to TRUE. If any child <detect> elements resolve to FALSE, then their parent <detect> element resolves to FALSE. If there is no <detect> element section, then USMT will assume that the component is present. +The **<detect>** element can be used to determine if the component is present on a system. If all child **<detect>** elements within a **<detect>** element resolve to **TRUE**, then the **<detect>** element resolves to **TRUE**. If any child **<detect>** elements resolve to **FALSE**, then their parent **<detect>** element resolves to **FALSE**. If there is no **<detect>** element section, then USMT will assume that the component is present. -For each <detect> element there can be multiple child <condition> or <objectSet> elements, which will be logically joined by an OR operator. If at least one <condition> or <objectSet> element evaluates to TRUE, then the <detect> element evaluates to TRUE. +For each **<detect>** element there can be multiple child **<condition>** or **<objectSet>** elements, which will be logically joined by an **OR** operator. If at least one **<condition>** or **<objectSet>** element evaluates to **TRUE**, then the **<detect>** element evaluates to **TRUE**. - **Number of occurrences:** unlimited -- **Parent elements:** <detects>, [<namedElements>](#namedelements) +- **Parent elements:** [<detects>](#detects), [<namedElements>](#namedelements) - **Required child elements:** [<condition>](#condition) @@ -749,16 +752,16 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <detect> is a child to <namedElements>
No, when <detect> is a child to <detects> | When *ID* is specified, any child elements are not processed. Instead, any other <detect> elements with the same name that are declared within the <namedElements> element are processed. | -| context | No
(default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the component element. For example, if a <component> element has a context of User, and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.
  • **User.** Evaluates the variables for each user.
  • **System.** Evaluates the variables only once for the system.
  • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.
| +| name | Yes, when **<detect>** is a child to **<namedElements>**
No, when **<detect>** is a child to <detects> | When *ID* is specified, any child elements are not processed. Instead, any other **<detect>** elements with the same name that are declared within the **<namedElements>** element are processed. | +| context | No
(default = UserAndSystem) | Defines the scope of this parameter which are whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the component element. For example, if a **<component>** element has a context of **User**, and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it had a context of **User**. If the **<rules>** element had a context of **System**, it would act as though the **<rules>** element were not there.
  • **User**: Evaluates the variables for each user.
  • **System**: Evaluates the variables only once for the system.
  • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.
| For examples, see the examples for [<detection>](#detection). ## <detects> -Although the <detects> element is still supported, we recommend that you do not use it because it may be deprecated in future versions of USMT, which would require you to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection) element if the parent element is <role> or <namedElements>, and we recommend that you use the <conditions> element if the parent element is <rules>. Using <detection> allows you to more clearly formulate complex Boolean statements. +Although the **<detects>** element is still supported, it is recommend to no longer use the **<detects>** element because it may be deprecated in future versions of USMT. If the **<detects>** element were deprecated, it would require a rewrite of any scripts that use the **<detects>** element. Instead, it is recommend to use the **[<detection>](#detection)** element if the parent element is **<role>** or **<namedElements>**, or use the **[<conditions>](#conditions)** element if the parent element is **<rules>**. The **<detection>** element allows for more clearly formulated complex Boolean statements and the **<conditions>** element allows for formulation of complex Boolean statements. -The <detects> element is a container for one or more <detect> elements. If all of the child <detect> elements within a <detects> element resolve to TRUE, then <detects> resolves to TRUE. If any of the child <detect> elements resolve to FALSE, then <detects> resolves to FALSE. If you do not want to write the <detects> elements within a component, then you can create the <detects> element under the <namedElements> element, and then refer to it. If there is no <detects> element section, then USMT will assume that the component is present. The results from each <detects> element are joined together by the OR operator to form the rule used to detect the parent element. +The **<detects>** element is a container for one or more **<detect>** elements. If all of the child **<detect>** elements within a **<detects>** element resolve to **TRUE**, then **<detects>** resolves to **TRUE**. If any of the child **<detect>** elements resolve to **FALSE**, then **<detects>** resolves to **FALSE**. If you do not want to write the **<detects>** elements within a component, then you can create the **<detects>** element under the **<namedElements>** element, and then refer to it. If there is no **<detects>** element section, then USMT will assume that the component is present. The results from each **<detects>** element are joined together by the **OR** operator to form the rule used to detect the parent element. Syntax: @@ -771,14 +774,14 @@ Syntax: - **Parent elements:** [<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) -- **Required child elements:** <detect> +- **Required child elements:** [<detect>](#detect) |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <detects> is a child to <namedElements>
No, when <detects> is a child to <role> or <rules> | When *ID* is specified, no child <detect> elements are processed. Instead, any other <detects> elements with the same name that are declared within the <namedElements> element are processed. | -| context | No
(default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the <component element>. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.
  • **User.** Evaluates the variables for each user.
  • **System.** Evaluates the variables only once for the system.
  • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.

The context parameter is ignored for <detects> elements that are inside <rules> elements. | +| name | Yes, when <detects> is a child to **<namedElements>**
No, when <detects> is a child to **<role>** or **<rules>** | When *ID* is specified, no child **<detect>** elements are processed. Instead, any other **<detects>** elements with the same name that are declared within the **<namedElements>** element are processed. | +| context | No
(default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the **<component element>**. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it had a context of **User**. If the **<rules>** element had a context of **System**, it would act as though the **<rules>** element were not there.
  • **User**: Evaluates the variables for each user.
  • **System**: Evaluates the variables only once for the system.
  • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.

The context parameter is ignored for **<detects>** elements that are inside **<rules>** elements. | -The following example is from the MigApp.xml file. +The following example is from the `MigApp.xml` file. ```xml @@ -793,11 +796,11 @@ The following example is from the MigApp.xml file. ## <detection> -The <detection> element is a container for one <conditions> element. The result of the child <condition> elements, located underneath the <conditions> element, determines the result of this element. For example, if all of the child <conditions> elements within the <detection> element resolve to TRUE, then the <detection> element resolves to TRUE. If any of the child <conditions> elements resolve to FALSE, then the <detection> element resolves to FALSE. +The **<detection>** element is a container for one **<conditions>** element. The result of the child **<condition>** elements, located underneath the **<conditions>** element, determines the result of this element. For example, if all of the child **<conditions>** elements within the **<detection>** element resolve to **TRUE**, then the **<detection>** element resolves to **TRUE**. If any of the child **<conditions>** elements resolve to **FALSE**, then the **<detection>** element resolves to **FALSE**. -In addition, the results from each <detection> section within the <role> element are joined together by the OR operator to form the detection rule of the parent element. That is, if one of the <detection> sections resolves to TRUE, then the <role> element will be processed. Otherwise, the <role> element will not be processed. +In addition, the results from each **<detection>** section within the **<role>** element are joined together by the **OR** operator to form the detection rule of the parent element. That is, if one of the **<detection>** sections resolves to **TRUE**, then the **<role>** element will be processed. Otherwise, the **<role>** element will not be processed. -Use the <detection> element under the <namedElements> element if you do not want to write it within a component. Then include a matching <detection> section under the <role> element to control whether the component is migrated. If there is not a <detection> section for a component, then USMT will assume that the component is present. +Use the **<detection>** element under the **<namedElements>** element if you do not want to write it within a component. Then include a matching **<detection>** section under the **<role>** element to control whether the component is migrated. If there is not a **<detection>** section for a component, then USMT will assume that the component is present. - **Number of occurrences:** Unlimited. @@ -814,8 +817,8 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name |
  • Yes, when <detection> is declared under <namedElements>
  • Optional, when declared under <role>
| If declared, the content of the <detection> element is ignored and the content of the <detection> element with the same name that is declared in the <namedElements> element will be evaluated. | -| context | No, default = UserAndSystem | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
  • **User.** Evaluates the component for each user.
  • **System.** Evaluates the component only once for the system.
  • **UserAndSystem.** Evaluates the component for the entire operating system and each user.
| +| name |
  • Yes, when **<detection>** is declared under **<namedElements>**
  • Optional, when declared under **<role>**
| If declared, the content of the **<detection>** element is ignored and the content of the **<detection>** element with the same name that is declared in the **<namedElements>** element will be evaluated. | +| context | No, default = UserAndSystem | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
  • **User**: Evaluates the component for each user.
  • **System**: Evaluates the component only once for the system.
  • **UserAndSystem**: Evaluates the component for the entire operating system and each user.
| For example: @@ -842,7 +845,7 @@ and ## <displayName> -The <displayName> element is a required field within each <component> element. +The **<displayName>** element is a required field within each **<component>** element. - **Number of occurrences:** once for each component @@ -869,7 +872,7 @@ For example: ## <environment> -The <environment> element is a container for <variable> elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#examples). +The **<environment>** element is a container for **<variable>** elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#examples). - **Number of occurrences:** unlimited @@ -877,7 +880,7 @@ The <environment> element is a container for <variable> elements in - **Required child elements:** [<variable>](#variable) -- **Optional child elements:** [conditions](#conditions) +- **Optional child elements:** [<conditions>](#conditions) Syntax: @@ -888,14 +891,14 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <environment> is a child of <namedElements>
No, when <environment> is a child of <role> or <component> | When declared as a child of the <role> or <component> elements, if *ID* is declared, USMT ignores the content of the <environment> element and the content of the <environment> element with the same name declared in the <namedElements> element is processed. | -| context | No
(default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though <rules> were not there.
  • **User.** Evaluates the variables for each user.
  • **System.** Evaluates the variables only once for the system.
  • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.
| +| name | Yes, when **<environment>** is a child of **<namedElements>**
No, when **<environment>** is a child of **<role>** or **<component>** | When declared as a child of the **<role>** or **<component>** elements, if *ID* is declared, USMT ignores the content of the **<environment>** element and the content of the **<environment>** element with the same name declared in the **<namedElements>** element is processed. | +| context | No
(default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the **<component>** element. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it had a context of **User**. If the **<rules>** element had a context of **System**, it would act as though **<rules>** were not there.
  • **User**: Evaluates the variables for each user.
  • **System**: Evaluates the variables only once for the system.
  • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.
| ## Examples ### Example scenario 1 -In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value hklm\\software\\companyname\\install \[path\] and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example: +In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value `hklm\software\companyname\install [path\]` and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example: ```xml @@ -915,7 +918,7 @@ Then you can use an include rule as follows. You can use any of the [<script& ``` -Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator ",") in the value of the registry Hklm\\software\\companyname\\application\\ \[Path\]. +Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator "`,`") in the value of the registry `Hklm\software\companyname\application\ [Path\]`. ```xml @@ -933,7 +936,7 @@ Second, you can also filter registry values that contain data that you need. The ### Example scenario 2 -In this scenario, you want to migrate five files named File1.txt, File2.txt, and so on, from %SYSTEMDRIVE%\\data\\userdata\\dir1\\dir2\\. To do this you must have the following <include> rule in an .xml file: +In this scenario, you want to migrate five files named `File1.txt`, `File2.txt`, and so on, from `%SYSTEMDRIVE%\data\userdata\dir1\dir2\`. To do this you must have the following **<include>** rule in an .xml file: ```xml @@ -957,7 +960,7 @@ Instead of typing the path five times, you can create a variable for the locatio ``` -Then, you can specify the variable in an <include> rule as follows: +Then, you can specify the variable in an **<include>** rule as follows: ```xml @@ -973,7 +976,7 @@ Then, you can specify the variable in an <include> rule as follows: ## <exclude> -The <exclude> element determines what objects will not be migrated, unless there is a more specific <include> element that migrates an object. If there is an <include> and <exclude> element for the same object, the object will be included. For each <exclude> element there can be multiple child <objectSet> elements. +The **<exclude>** element determines what objects will not be migrated, unless there is a more specific **<include>** element that migrates an object. If there is an **<include>** and **<exclude>** element for the same object, the object will be included. For each **<exclude>** element there can be multiple child **<objectSet>** elements. - **Number of occurrences:** Unlimited @@ -981,7 +984,7 @@ The <exclude> element determines what objects will not be migrated, unless - **Child elements:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<exclude> filter functions](#include-and-exclude-filter-functions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. +- **Helper functions:** You can use the following [<exclude> filter functions](#include-and-exclude-filter-functions) with this element: `CompareStringContent`, `IgnoreIrrelevantLinks`, `AnswerNo`, `NeverRestore`, and `SameRegContent`. Syntax: @@ -992,7 +995,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|filter|No
(default = No)|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|filter|No
(default = No)|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| For example, from the MigUser.xml file: @@ -1008,7 +1011,7 @@ For example, from the MigUser.xml file: ## <excludeAttributes> -You can use the <excludeAttributes> element to determine which parameters associated with an object will not be migrated. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern determines the patterns that will not be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. +You can use the **<excludeAttributes>** element to determine which parameters associated with an object will not be migrated. If there are conflicts between the **<includeAttributes>** and **<excludeAttributes>** elements, the most specific pattern determines the patterns that will not be migrated. If an object does not have an **<includeAttributes>** or **<excludeAttributes>** element, then all of its parameters will be migrated. - **Number of occurrences:** Unlimited @@ -1054,7 +1057,7 @@ Example: %SYSTEMDRIVE%\ [aa.txt] - + logoff @@ -1115,7 +1118,7 @@ Syntax: |--- |--- |--- | |*FilenameExtension*|Yes|A file name extension.| -For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the <component> element: +For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the **<component>** element: ```xml @@ -1123,7 +1126,7 @@ For example, if you want to migrate all \*.doc files from the source computer, s ``` -is the same as specifying the following code below the <rules> element: +is the same as specifying the following code below the **<rules>** element: ```xml @@ -1137,7 +1140,7 @@ For another example of how to use the <extension> element, see the example ## <externalProcess> -You can use the <externalProcess> element to run a command line during the migration process. For example, you may want to run a command after the LoadState process completes. +You can use the <externalProcess> element to run a command line during the migration process. For example, you may want to run a command after the **LoadState** process completes. - **Number of occurrences:** Unlimited @@ -1164,7 +1167,7 @@ This is an internal USMT element. Do not use this element. ## <include> -The <include> element determines what to migrate, unless there is a more specific [<exclude>](#exclude) rule. You can specify a script to be more specific to extend the definition of what you want to collect. For each <include> element there can be multiple <objectSet> elements. +The **<include>** element determines what to migrate, unless there is a more specific [<exclude>](#exclude) rule. You can specify a script to be more specific to extend the definition of what you want to collect. For each **<include>** element there can be multiple **<objectSet>** elements. - **Number of occurrences:** Unlimited @@ -1172,7 +1175,7 @@ The <include> element determines what to migrate, unless there is a more s - **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<include> filter functions](#include-and-exclude-filter-functions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. +- **Helper functions:** You can use the following [<include> filter functions](#include-and-exclude-filter-functions) with this element: `CompareStringContent`, `IgnoreIrrelevantLinks`, `AnswerNo`, and `NeverRestore`. Syntax: @@ -1183,7 +1186,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| filter | No.
If this parameter is not specified, then all patterns that are inside the child <ObjectSet> element will be processed. | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated. | +| filter | No.
If this parameter is not specified, then all patterns that are inside the child **<objectSet>** element will be processed. | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated. | The following example is from the MigUser.xml file: @@ -1215,13 +1218,13 @@ The following example is from the MigUser.xml file: ``` -### <include> and <exclude> filter functions +### <include> and **<exclude>** filter functions The following functions return a Boolean value. You can use them to migrate certain objects based on when certain conditions are met. - **AnswerNo** - This filter always returns FALSE. + This filter always returns **FALSE**. Syntax: `AnswerNo ()` @@ -1232,11 +1235,11 @@ The following functions return a Boolean value. You can use them to migrate cert |Setting|Required?|Value| |--- |--- |--- | | *StringContent* | Yes | The string to check against. | - | *CompareType* | Yes | A string. Use one of the following values:
  • **Equal** (case insensitive). The function returns TRUE if the string representation of the current object that is processed by the migration engine is identical to `StringContent`.
  • **NULL** **or any other value**. The function returns TRUE if the string representation of the current object that is processed by the migration engine does not match `StringContent`.
| + | *CompareType* | Yes | A string. Use one of the following values:
  • **Equal** (case insensitive). The function returns **TRUE** if the string representation of the current object that is processed by the migration engine is identical to `StringContent`.
  • **NULL** **or any other value**. The function returns **TRUE** if the string representation of the current object that is processed by the migration engine does not match `StringContent`.
| - **IgnoreIrrelevantLinks** - This filter screens out the .lnk files that point to an object that is not valid on the destination computer. Note that the screening takes place on the destination computer, so all .lnk files will be saved to the store during ScanState. Then they will be screened out when you run the LoadState tool. + This filter screens out the .lnk files that point to an object that is not valid on the destination computer. Note that the screening takes place on the destination computer, so all .lnk files will be saved to the store during **ScanState**. Then they will be screened out when you run the **LoadState** tool. Syntax: `IgnoreIrrelevantLinks ()` @@ -1252,7 +1255,7 @@ The following functions return a Boolean value. You can use them to migrate cert - **NeverRestore** - You can use this function to collect the specified objects from the source computer but then not migrate the objects to the destination computer. When run with the ScanState tool, this function evaluates to TRUE. When run with the LoadState tool, this function evaluates to FALSE. You may want to use this function when you want to check an object's value on the destination computer but do not intend to migrate the object to the destination. + You can use this function to collect the specified objects from the source computer but then not migrate the objects to the destination computer. When run with the **ScanState** tool, this function evaluates to **TRUE**. When run with the **LoadState** tool, this function evaluates to **FALSE**. You may want to use this function when you want to check an object's value on the destination computer but do not intend to migrate the object to the destination. Syntax: `NeverRestore()` @@ -1268,7 +1271,7 @@ The following functions return a Boolean value. You can use them to migrate cert ## <includeAttributes> -You can use the <includeAttributes> element to determine whether certain parameters associated with an object will be migrated along with the object itself. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern will determine which parameters will be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. +You can use the **<includeAttributes>** element to determine whether certain parameters associated with an object will be migrated along with the object itself. If there are conflicts between the **<includeAttributes>** and **<excludeAttributes>** elements, the most specific pattern will determine which parameters will be migrated. If an object does not have an **<includeAttributes>** or **<excludeAttributes>** element, then all of its parameters will be migrated. - **Number of occurrences:** unlimited @@ -1285,9 +1288,9 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| attributes | Yes | Specifies the attributes to be included with a migrated object. You can specify one of the following, or both separated by quotes; for example, `"Security","TimeFields"`:
  • Security can be one of the following values:
    • **Owner.** The owner of the object (SID).
    • **Group.** The primary group for the object (SID).
    • **DACL** (discretionary access control list). An access control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.
    • **SACL** (system access control list). An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.
  • TimeFields can be one of the following:
    • **CreationTime.** Specifies when the file or directory was created.
    • **LastAccessTime.** Specifies when the file is last read from, written to, or, in the case of executable files, run.
    • **LastWrittenTime.** Specifies when the file is last written to, truncated, or overwritten.
| +| attributes | Yes | Specifies the attributes to be included with a migrated object. You can specify one of the following, or both separated by quotes; for example, `"Security","TimeFields"`:
  • Security can be one of the following values:
    • **Owner**: The owner of the object (SID).
    • **Group**: The primary group for the object (SID).
    • **DACL** (discretionary access control list): An access control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.
    • **SACL** (system access control list): An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.
  • TimeFields can be one of the following:
    • **CreationTime**: Specifies when the file or directory was created.
    • **LastAccessTime**: Specifies when the file is last read from, written to, or, in the case of executable files, run.
    • **LastWrittenTime**: Specifies when the file is last written to, truncated, or overwritten.
| -For an example of how to use the <includeAttributes> element, see the example for [<excludeAttributes>](#excludeattributes). +For an example of how to use the **<includeAttributes>** element, see the example for [<excludeAttributes>](#excludeattributes). ## <library> @@ -1295,9 +1298,9 @@ This is an internal USMT element. Do not use this element. ## <location> -The <location> element defines the location of the <object> element. +The **<location>** element defines the location of the **<object>** element. -- **Number of occurrences:** once for each <object> +- **Number of occurrences:** once for each **<object>** - **Parent elements:** [<object>](#object) @@ -1314,7 +1317,7 @@ Syntax: |type|Yes|*typeID* can be Registry or File.| |*ObjectLocation*|Yes|The location of the object.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -1333,7 +1336,7 @@ The following example is from the MigApp.xml file: ## <locationModify> -You can use the <locationModify> element to change the location and name of an object before it is migrated to the destination computer. The <locationModify> element is processed only when the LoadState tool is run on the destination computer. In other words, this element is ignored by the ScanState tool. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. +You can use the <locationModify> element to change the location and name of an object before it is migrated to the destination computer. The <locationModify> element is processed only when the **LoadState** tool is run on the destination computer. In other words, this element is ignored by the **ScanState** tool. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. **Number of occurrences:** Unlimited @@ -1341,7 +1344,7 @@ You can use the <locationModify> element to change the location and name o - **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<locationModify> functions](#locationmodify-functions) with this element: ExactMove, RelativeMove, and Move. +- **Helper functions:** You can use the following [<locationModify> functions](#locationmodify-functions) with this element: `ExactMove`, `RelativeMove`, and `Move`. Syntax: @@ -1352,9 +1355,9 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -1366,11 +1369,11 @@ The following example is from the MigApp.xml file: ### <locationModify> functions -The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent <ObjectSet> element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. +The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent **<objectSet>** element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. - **ExactMove** - The ExactMove function moves all of the objects that are matched by the parent <ObjectSet> element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. If a collision occurs, the normal collision algorithms will apply. + The ExactMove function moves all of the objects that are matched by the parent **<objectSet>** element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. If a collision occurs, the normal collision algorithms will apply. Syntax: `ExactMove(ObjectEncodedLocation)` @@ -1406,7 +1409,7 @@ The following functions change the location of objects as they are migrated when |Setting|Required?|Value| |--- |--- |--- | - |*SourceRoot*|Yes|The location from where the objects will be moved. Any source objects that are enumerated by the parent <ObjectSet> element that are not in this location will not be moved.| + |*SourceRoot*|Yes|The location from where the objects will be moved. Any source objects that are enumerated by the parent **<objectSet>** element that are not in this location will not be moved.| |*DestinationRoot*|Yes|The location where the source objects will be moved to on the destination computer. If needed, this function will create any subdirectories that were above *SourceRoot*.| For example: @@ -1450,7 +1453,7 @@ Syntax: ## <merge> -The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify <include> rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule `C:\* [*]` set to <sourcePriority> and a <merge> rule `C:\subfolder\* [*]` set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. +The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify **<include>** rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule `C:\* [*]` set to <sourcePriority> and a <merge> rule `C:\subfolder\* [*]` set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. For an example of this element, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). @@ -1460,7 +1463,7 @@ For an example of this element, see [Conflicts and precedence](usmt-conflicts-an - **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<merge> functions](#merge-functions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). +- **Helper functions:** You can use the following [<merge> functions](#merge-functions) with this element: `SourcePriority`, `DestinationPriority`, `FindFilePlaceByPattern`, `LeafPattern`, `NewestVersion`, `HigherValue()`, and `LowerValue()`. Syntax: @@ -1471,7 +1474,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| The following example is from the MigUser.xml file: @@ -1578,7 +1581,7 @@ Syntax: |urlid|Yes|*UrlID* is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see [Use XML Namespaces](/previous-versions/windows/desktop/ms754539(v=vs.85)).| |Name|No|Although not required, it is good practice to use the name of the .xml file.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -1613,7 +1616,7 @@ This filter helper function can be used to filter the migration of files based o ## <namedElements> -You can use the **<namedElements>** element to define named elements. You can use these elements in any component throughout your .xml file. For an example of how to use this element, see the MigApp.xml file. +You can use the **<namedElements>** element to define named elements. You can use these elements in any component throughout your .xml file. For an example of how to use this element, see the `MigApp.xml` file. Syntax: @@ -1626,13 +1629,13 @@ Syntax: - **Parent elements:** [<migration>](#migration) -- **Child elements:** [<environment>](#environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect> +- **Child elements:** [<environment>](#environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), [<detects>](#detects), [<detect>](#detect) -For an example of this element, see the MigApp.xml file. +For an example of this element, see the `MigApp.xml` file. ## <object> -The <object> element represents a file or registry key. +The **<object>** element represents a file or registry key. - **Number of occurrences:** Unlimited @@ -1649,7 +1652,7 @@ Syntax: ``` -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -1668,15 +1671,15 @@ The following example is from the MigApp.xml file: ## <objectSet> -The <objectSet> element contains a list of object patterns ; for example, file paths, registry locations, and so on. Any child <conditions> elements will be evaluated first. If all child <conditions> elements return FALSE, the <objectSet> element will evaluate to an empty set. For each parent element, there can be only multiple <objectSet> elements. +The **<objectSet>** element contains a list of object patterns ; for example, file paths, registry locations, and so on. Any child **<conditions>** elements will be evaluated first. If all child **<conditions>** elements return **FALSE**, the **<objectSet>** element will evaluate to an empty set. For each parent element, there can be only multiple **<objectSet>** elements. - **Number of occurrences:** Unlimited -- **Parent elements:** [<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), <detect> +- **Parent elements:** [<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), [<detect>](#detect) - **Required child elements:** either [<script>](#script) or [<pattern>](#pattern) -- **Optional child elements:** [<content>](#content), [conditions](#conditions), <condition> +- **Optional child elements:** [<content>](#content), [<conditions>](#conditions), [<condition>](#condition) Syntax: @@ -1725,7 +1728,7 @@ This is an internal USMT element. Do not use this element. ## <pattern> -You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each <objectSet> element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: +You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each **<objectSet>** element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: ```xml C:\Folder\* [Sample.doc] @@ -1808,15 +1811,15 @@ This is an internal USMT element. Do not use this element. ## <role> -The <role> element is required in a custom .xml file. By specifying the <role> element, you can create a concrete component. The component will be defined by the parameters specified at the <component> level, and with the role that you specify here. +The **<role>** element is required in a custom .xml file. By specifying the **<role>** element, you can create a concrete component. The component will be defined by the parameters specified at the **<component>** level, and with the role that you specify here. -- **Number of occurrences:** Each <component> can have one, two or three child <role> elements. +- **Number of occurrences:** Each **<component>** can have one, two or three child **<role>** elements. - **Parent elements:** [<component>](#component), [<role>](#role) - **Required child elements:** [<rules>](#rules) -- **Optional child elements:** [<environment>](#environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, +- **Optional child elements:** [<environment>](#environment), [<detection>](#detection), [<component>](#component), [<role>](#role), [<detects>](#detects), [<plugin>](#plugin) Syntax: @@ -1827,9 +1830,9 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| role | Yes | Defines the role for the component. Role can be one of:
  • **Container**
  • **Binaries**
  • **Settings**
  • **Data**
You can either:
  1. Specify up to three <role> elements within a <component> — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.
  2. Specify one "Container" <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:
<component context="UserAndSystem" type="Application"> 
  <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
  <environment name="GlobalEnv" /> 
  <role role="Container">
    <detection name="AnyOffice2003Version" /> 
    <detection name="FrontPage2003" /> 
    <!-- 
 Office 2003 Common Settings 
  --> 
     <component context="UserAndSystem" type="Application">
| +| role | Yes | Defines the role for the component. Role can be one of:
  • **Container**
  • **Binaries**
  • **Settings**
  • **Data**
You can either:
  1. Specify up to three **<role>** elements within a **<component>** — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these **<role>** elements, but each nested element must be of the same role parameter.
  2. Specify one "Container" **<role>** element within a **<component>** element. In this case, you cannot specify any child **<rules>** elements, only other **<component>** elements. And each child **<component>** element must have the same type as that of parent **<component>** element. For example:
<component context="UserAndSystem" type="Application"> 
  <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
  <environment name="GlobalEnv" /> 
  <role role="Container">
    <detection name="AnyOffice2003Version" /> 
    <detection name="FrontPage2003" /> 
    <!-- 
 Office 2003 Common Settings 
  --> 
     <component context="UserAndSystem" type="Application">
| -The following example is from the MigUser.xml file. For more examples, see the MigApp.xml file: +The following example is from the MigUser.xml file. For more examples, see the `MigApp.xml` file: ```xml @@ -1862,7 +1865,7 @@ The following example is from the MigUser.xml file. For more examples, see the M ## <rules> -The <rules> element is required in a custom .xml file. This element contains rules that will run during the migration if the parent <component> element is selected, unless the child <conditions> element, if present, evaluates to FALSE. For each <rules> element there can be multiple child <rules> elements. +The **<rules>** element is required in a custom .xml file. This element contains rules that will run during the migration if the parent **<component>** element is selected, unless the child **<conditions>** element, if present, evaluates to **FALSE**. For each **<rules>** element there can be multiple child **<rules>** elements. - **Number of occurrences:** unlimited @@ -1870,7 +1873,7 @@ The <rules> element is required in a custom .xml file. This element contai - **Required child elements:** [<include>](#include) -- **Optional child elements:** [<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), <detects> +- **Optional child elements:** [<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), [<detects>](#detects) Syntax: @@ -1881,8 +1884,8 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <rules> is a child to <namedElements>
No, when <rules> is a child to any other element | When *ID* is specified, any child elements are not processed. Instead, any other <rules> elements with the same name that are declared within <namedElements> are processed. | -| context | No
(default = UserAndSystem) | Defines the scope of this parameter — whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the component element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If <rules> had a context of System, it would act as though <rules> was not there.
  • **User.** Evaluates the variables for each user.
  • **System.** Evaluates the variables only once for the system.
  • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.
| +| name | Yes, when **<rules>** is a child to **<namedElements>**
No, when **<rules>** is a child to any other element | When *ID* is specified, any child elements are not processed. Instead, any other **<rules>** elements with the same name that are declared within **<namedElements>** are processed. | +| context | No
(default = UserAndSystem) | Defines the scope of this parameter — whether to process this component in the context of the specific user, across the entire operating system, or both.
The largest possible scope is set by the component element. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it has a context of **User**. If **<rules>** had a context of **System**, it would act as though **<rules>** was not there.
  • **User**: Evaluates the variables for each user.
  • **System**: Evaluates the variables only once for the system.
  • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.
| The following example is from the MigUser.xml file: @@ -1928,19 +1931,19 @@ The return value that is required by <script> depends on the parent elemen - General Syntax: `` -- You can use [GetStringContent](#script-functions) when <script> is within <variable>. +- You can use [GetStringContent](#script-functions) when <script> is within **<variable>**. Syntax: `` Example: `` -- You can use [GenerateUserPatterns](#script-functions) when <script> is within <objectSet>. +- You can use [GenerateUserPatterns](#script-functions) when <script> is within **<objectSet>**. Syntax: `` Example: `` -- You can use [GenerateDrivePatterns](#script-functions) when <script> is within <objectSet>. +- You can use [GenerateDrivePatterns](#script-functions) when <script> is within **<objectSet>**. Syntax: `` @@ -1954,7 +1957,7 @@ The return value that is required by <script> depends on the parent elemen |Setting|Required?|Value| |--- |--- |--- | -| *ScriptWithArguments* | Yes | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.
The return value that is required by <script> depends on the parent element.
  • When used within <variable>, the return value must be a string.
  • When used within <objectSet>, the return value must be a two-dimensional array of strings.
  • When used within <location>, the return value must be a valid location that aligns with the type attribute of <location>. For example, if <location type="File">, the child script element, if specified, must be a valid file location.
    **Note**
    If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| +| *ScriptWithArguments* | Yes | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.
The return value that is required by <script> depends on the parent element.
  • When used within **<variable>**, the return value must be a string.
  • When used within **<objectSet>**, the return value must be a two-dimensional array of strings.
  • When used within **<location>**, the return value must be a valid location that aligns with the type attribute of **<location>**. For example, if <location type="File">, the child script element, if specified, must be a valid file location.
    **Note**
    If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| Examples: @@ -1980,7 +1983,7 @@ These functions return either a string or a pattern. - **GetStringContent** - You can use GetStringContent with <script> elements that are within <variable> elements. If possible, this function returns the string representation of the given object. Otherwise, it returns NULL. For file objects this function always returns NULL. + You can use GetStringContent with <script> elements that are within **<variable>** elements. If possible, this function returns the string representation of the given object. Otherwise, it returns NULL. For file objects this function always returns NULL. Syntax: `GetStringContent("ObjectType","EncodedLocationPattern", "ExpandContent")` @@ -1988,7 +1991,7 @@ These functions return either a string or a pattern. |--- |--- |--- | | *ObjectType* | Yes | The type of object. Can be Registry or Ini (for an .ini file). | | *EncodedLocationPattern* | Yes |
  • If type of object is Registry, EncodedLocationPattern must be a valid registry path. For example, HKLM\SOFTWARE\MyKey[].
  • If the type of object is Ini, then EncodedLocationPattern must be in the following format:
    IniFilePath|SectionName[SettingName]
| - | *ExpandContent* | No (default=TRUE) | Can be TRUE or FALSE. If FALSE, then the given location will not be expanded before it is returned. | + | *ExpandContent* | No (default=TRUE) | Can be **TRUE** or **FALSE**. If **FALSE**, then the given location will not be expanded before it is returned. | For example: @@ -2000,7 +2003,7 @@ These functions return either a string or a pattern. - **GenerateDrivePatterns** - The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within <include>/<exclude>. + The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within **<include>**/<exclude>. Syntax: `GenerateDrivePatterns("PatternSegment","DriveType")` @@ -2013,7 +2016,7 @@ These functions return either a string or a pattern. - **GenerateUserPatterns** - The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is FALSE, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: + The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is **FALSE**, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" @@ -2027,13 +2030,13 @@ These functions return either a string or a pattern. |--- |--- |--- | |*ObjectType*|Yes|Defines the object type. Can be File or Registry.| |*EncodedLocationPattern*|Yes|The [location pattern](#specifying-locations). Environment variables are allowed.| - |*ProcessCurrentUser*|Yes|Can be TRUE or FALSE. Indicates if the patterns should be generated for the current user.| + |*ProcessCurrentUser*|Yes|Can be **TRUE** or **FALSE**. Indicates if the patterns should be generated for the current user.| **Example:** If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile. -The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. +The following is example code for this scenario. The first **<rules>** element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second **<rules>** elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second **<rules>** element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. ```xml @@ -2068,9 +2071,9 @@ This helper function invokes the document finder to scan the system for all file |Setting|Required?|Value| |--- |--- |--- | -|*ScanProgramFiles*|No (default = FALSE)|Can be TRUE or FALSE. The *ScanProgramFiles* parameter determines whether or not the document finder scans the **Program Files** directory to gather registered file extensions for known applications. For example, when set to TRUE it will discover and migrate .jpg files under the Photoshop directory, if .jpg is a file extension registered to Photoshop.| -|*IncludePatterns*|No (default = TRUE)|Can be TRUE or FALSE. TRUE will generate include patterns and can be added under the <include> element. FALSE will generate exclude patterns and can be added under the <exclude> element.| -|*SystemDrive*|No (default = FALSE)|Can be TRUE or FALSE. If TRUE, restricts all patterns to the system drive.| +|*ScanProgramFiles*|No (default = FALSE)|Can be **TRUE** or **FALSE**. The *ScanProgramFiles* parameter determines whether or not the document finder scans the **Program Files** directory to gather registered file extensions for known applications. For example, when set to **TRUE** it will discover and migrate .jpg files under the Photoshop directory, if .jpg is a file extension registered to Photoshop.| +|*IncludePatterns*|No (default = TRUE)|Can be **TRUE** or **FALSE**. **TRUE** will generate include patterns and can be added under the **<include>** element. **FALSE** will generate exclude patterns and can be added under the **<exclude>** element.| +|*SystemDrive*|No (default = FALSE)|Can be **TRUE** or **FALSE**. If **TRUE**, restricts all patterns to the system drive.| ```xml @@ -2169,7 +2172,7 @@ For example: ## <unconditionalExclude> -The <unconditionalExclude> element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the Config.xml file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit <include> rules to include .mp3 files, if you specify to exclude them with this option, then they will not be migrated. +The <unconditionalExclude> element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the `Config.xml` file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit **<include>** rules to include .mp3 files, if you specify to exclude them with this option, then they will not be migrated. Use this element if you want to exclude all .mp3 files from the source computer. Or, if you are backing up C:\\UserData using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. @@ -2206,13 +2209,13 @@ The following .xml file excludes all .mp3 files from migration. For additional e ## <variable> -The <variable> element is required in an <environment> element. For each <variable> element there must be one <objectSet>, <script>, or <text> element. The content of the <variable> element assigns a text value to the environment variable. This element has the following three options: +The **<variable>** element is required in an **<environment>** element. For each **<variable>** element there must be one **<objectSet>**, <script>, or <text> element. The content of the **<variable>** element assigns a text value to the environment variable. This element has the following three options: -1. If the <variable> element contains a <text> element, then the value of the variable element will be the value of the <text> element. +1. If the **<variable>** element contains a <text> element, then the value of the variable element will be the value of the <text> element. -2. If the <variable> element contains a <script> element and the invocation of the script produces a non-null string, then the value of the <variable> element will be the result of the script invocation. +2. If the **<variable>** element contains a <script> element and the invocation of the script produces a non-null string, then the value of the **<variable>** element will be the result of the script invocation. -3. If the <variable> element contains an <objectSet> element and the evaluation of the <objectSet> element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. +3. If the **<variable>** element contains an **<objectSet>** element and the evaluation of the **<objectSet>** element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. - **Number of occurrences:** Unlimited @@ -2232,7 +2235,7 @@ Syntax: |name|Yes|*ID* is a string value that is the name used to reference the environment variable. We recommend that *ID* start with the component's name to avoid namespace collisions. For example, if your component's name is MyComponent, and you want a variable that is your component's install path, you could specify `MyComponent.InstallPath`.| |remap|No, default = FALSE|Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable's value are automatically moved to where the environment variable points on the destination computer.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index e89befb18c..af25e49152 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -20,7 +20,7 @@ This section contains articles that you can use to work with and to customize th | Link | Description | |--- |--- | |[Understanding migration XML files](understanding-migration-xml-files.md)|Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.| -|[Config.xml file](usmt-configxml-file.md)|Describes the Config.xml file and policies concerning its configuration.| +|[Config.xml file](usmt-configxml-file.md)|Describes the `Config.xml` file and policies concerning its configuration.| |[Customize USMT XML files](usmt-customize-xml-files.md)|Describes how to customize USMT XML files.| |[Custom XML examples](usmt-custom-xml-examples.md)|Gives examples of XML files for various migration scenarios.| |[Conflicts and precedence](usmt-conflicts-and-precedence.md)|Describes the precedence of migration rules and how conflicts are handled.| diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index 38d39d3505..5bb2cf2322 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -37,7 +37,7 @@ The following sections demonstrate how to run the `UsmtUtils.exe` command with t To verify the condition of a compressed migration store, use the following UsmtUtils syntax: -> usmtutils.exe /verify\[:<*reportType*>\] <*filePath*> \[/l:<*logfile*>\] \[/decrypt \[:<*AlgID*>\] {/key:<*keystring*> | /keyfile:<*filename*>}\] +> UsmtUtils.exe /verify\[:<*reportType*>\] <*filePath*> \[/l:<*logfile*>\] \[/decrypt \[:<*AlgID*>\] {/key:<*keystring*> | /keyfile:<*filename*>}\] Where the placeholders have the following values: @@ -60,7 +60,7 @@ Where the placeholders have the following values: To verify whether the migration store is intact or whether it contains corrupted files or a corrupted catalog, enter: ``` syntax -usmtutils.exe /verify D:\MyMigrationStore\store.mig +UsmtUtils.exe /verify D:\MyMigrationStore\store.mig ``` Because no report type is specified, **UsmtUtils** displays the default summary report. @@ -70,7 +70,7 @@ Because no report type is specified, **UsmtUtils** displays the default summary To verify whether the catalog file is corrupted or intact, enter: ``` syntax -usmtutils.exe /verify:catalog D:\MyMigrationStore\store.mig +UsmtUtils.exe /verify:catalog D:\MyMigrationStore\store.mig ``` ## To verify the status of all files @@ -78,7 +78,7 @@ usmtutils.exe /verify:catalog D:\MyMigrationStore\store.mig To verify whether there are any corrupted files in the compressed migration store, and to specify the name and location of the log file, enter: ``` syntax -usmtutils.exe /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` +UsmtUtils.exe /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` ``` In addition to verifying the status of all files, this example decrypts the files. Because no encryption algorithm is specified, **UsmtUtils** uses the default 3DES cryptographic algorithm. @@ -88,7 +88,7 @@ In addition to verifying the status of all files, this example decrypts the file In this example, the log file will only list the files that became corrupted during the **ScanState** process. This list will include the catalog file if it's also corrupted. ``` syntax -usmtutils.exe /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt +UsmtUtils.exe /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt ``` This example also decrypts the files by specifying the cryptographic algorithm and the location of the file that contains the encryption key. From dcebcf373e557b6b22eebda2f9818dcf18c8a755 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Mon, 7 Nov 2022 10:39:45 -0500 Subject: [PATCH 026/108] Metadata/style update deployment/usmt 23 --- .../usmt/usmt-xml-elements-library.md | 124 +++++++++--------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index e686dbb4b4..941ffd48f2 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -27,7 +27,7 @@ The following table describes the XML elements and helper functions you can use ## <addObjects> -The **<addObjects>** element emulates the existence of one or more objects on the source computer. The child **<object>** elements provide the details of the emulated objects. If the content is a <script> element, the result of the invocation will be an array of objects. +The **<addObjects>** element emulates the existence of one or more objects on the source computer. The child **<object>** elements provide the details of the emulated objects. If the content is a **<script>** element, the result of the invocation will be an array of objects. - **Number of occurrences:** unlimited @@ -1336,7 +1336,7 @@ The following example is from the `MigApp.xml` file: ## <locationModify> -You can use the <locationModify> element to change the location and name of an object before it is migrated to the destination computer. The <locationModify> element is processed only when the **LoadState** tool is run on the destination computer. In other words, this element is ignored by the **ScanState** tool. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. +You can use the **<locationModify>** element to change the location and name of an object before it is migrated to the destination computer. The **<locationModify>** element is processed only when the **LoadState** tool is run on the destination computer. In other words, this element is ignored by the **ScanState** tool. The **<locationModify>** element will create the appropriate folder on the destination computer if it does not already exist. **Number of occurrences:** Unlimited @@ -1369,7 +1369,7 @@ The following example is from the `MigApp.xml` file: ### <locationModify> functions -The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent **<objectSet>** element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. +The following functions change the location of objects as they are migrated when using the **<locationModify>** element. These functions are called for every object that the parent **<objectSet>** element is enumerating. The **<locationModify>** element will create the appropriate folder on the destination computer if it does not already exist. - **ExactMove** @@ -1433,7 +1433,7 @@ This is an internal USMT element. Do not use this element. ## <manufacturer> -The <manufacturer> element defines the manufacturer for the component, but does not affect the migration. +The **<manufacturer>** element defines the manufacturer for the component, but does not affect the migration. - **Number of occurrences:** zero or one @@ -1453,7 +1453,7 @@ Syntax: ## <merge> -The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify **<include>** rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule `C:\* [*]` set to <sourcePriority> and a <merge> rule `C:\subfolder\* [*]` set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. +The **<merge>** element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to `OriginalFileName(1).OriginalExtension`. This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify **<include>** rules along with the **<merge>** element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a **<merge>** rule `C:\* [*]` set to **<sourcePriority>** and a **<merge>** rule `C:\subfolder\* [*]` set to **<destinationPriority>**, then USMT would use the **<destinationPriority>** rule because it is the more specific. For an example of this element, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). @@ -1515,13 +1515,13 @@ These functions control how collisions are resolved. - **FindFilePlaceByPattern** - The FindFilePlaceByPattern function saves files with an incrementing counter when a collision occurs. It is a string that contains one of each constructs: <F>, <E>, <N> in any order. + The FindFilePlaceByPattern function saves files with an incrementing counter when a collision occurs. It is a string that contains one of each constructs: **<F>**, **<E>**, **<N>** in any order. Syntax: `FindFilePlaceByPattern(FilePattern)` |Setting|Required?|Value| |--- |--- |--- | - | *FilePattern* | Yes |
  • **<F>** will be replaced by the original file name.
  • **<N>** will be replaced by an incrementing counter until there is no collision with the objects on the destination computer.
  • **<E>** will be replaced by the original file name extension.

For example, ` ().` will change the source file MyDocument.doc into MyDocument (1).doc on the destination computer. | + | *FilePattern* | Yes |
  • **<F>** will be replaced by the original file name.
  • **<N>** will be replaced by an incrementing counter until there is no collision with the objects on the destination computer.
  • **<E>** will be replaced by the original file name extension.

For example, ` ().` will change the source file `MyDocument.doc` into `MyDocument (1).doc` on the destination computer. | - **NewestVersion** @@ -1531,7 +1531,7 @@ These functions control how collisions are resolved. |Setting|Required?|Value| |--- |--- |--- | - |*VersionTag*|Yes|The version field that will be checked. This can be "FileVersion" or "ProductVersion". The file with the highest *VersionTag* version determines which conflicts will be resolved based on the file's version. For example, if Myfile.txt contains FileVersion 1 and the same file on the destination computer contains FileVersion 2, the file on destination will remain.| + |*VersionTag*|Yes|The version field that will be checked. This can be `FileVersion` or `ProductVersion`. The file with the highest *VersionTag* version determines which conflicts will be resolved based on the file's version. For example, if `Myfile.txt` contains FileVersion 1 and the same file on the destination computer contains FileVersion 2, the file on destination will remain.| - **HigherValue()** @@ -1559,7 +1559,7 @@ These functions control how collisions are resolved. ## <migration> -The <migration> element is the single root element of a migration .xml file and is required. Each .xml file must have a unique migration urlid. The urlid of each file that you specify on the command line must be unique. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following at the beginning of each file: <CustomFileName> is the name of the file; for example, "CustomApp". +The **<migration>** element is the single root element of a migration .xml file and is required. Each .xml file must have a unique migration urlid. The urlid of each file that you specify on the command line must be unique. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following at the beginning of each file: <CustomFileName> is the name of the file; for example, "CustomApp". - **Number of occurrences:** one @@ -1728,7 +1728,7 @@ This is an internal USMT element. Do not use this element. ## <pattern> -You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each **<objectSet>** element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: +You can use this element to specify multiple objects. You can specify multiple **<pattern>** elements for each **<objectSet>** element and they will be combined. If you are specifying files, you may want to use `GenerateDrivePatterns` with **<script>** instead. `GenerateDrivePatterns` is basically the same as a **<pattern>** rule, without the drive letter specification. For example, the following two lines of code are similar: ```xml C:\Folder\* [Sample.doc] @@ -1750,7 +1750,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | | type | Yes | *typeID* can be Registry, File, or Ini. If *typeId* is Ini, then you cannot have a space between *Path* and *object*. For example, the following is correct when type="Ini":
**<pattern type="Ini">%WinAmp5InstPath%\Winamp.ini|WinAmp[keeponscreen]</pattern>** | -| *Path* [*object*] | Yes | A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.
  • *Path* can contain the asterisk (`*`) wildcard character or can be an [Recognized Environment Variables](usmt-recognized-environment-variables.md). You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.
  • *Object* can contain the asterisk () wildcard character. However, you cannot use the question mark as a wildcard character. For example:
    **`C:\Folder\ [*]`** enumerates all files in C:<em>Path* but no subfolders of C:\Folder.
    **`C:\Folder* [*]`** enumerates all files and subfolders of C:\Folder.
    **`C:\Folder\ [*.mp3]`** enumerates all .mp3 files in C:\Folder.
    **`C:\Folder\ [Sample.doc]`** enumerates only the Sample.doc file located in C:\Folder.
    **Note**
    If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| +| *Path* [*object*] | Yes | A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.
  • *Path* can contain the asterisk (`*`) wildcard character or can be an [Recognized environment variables](usmt-recognized-environment-variables.md). You cannot use the question mark as a wildcard character. You can use `HKCU` and `HKLM` to refer to `HKEY_CURRENT_USER` and `HKEY_LOCAL_MACHINE` respectively.
  • *Object* can contain the asterisk (`*`) wildcard character. However, you cannot use the question mark as a wildcard character. For example:
    **`C:\Folder\ [*]`** enumerates all files in `C:\Folder` but no subfolders of `C:\Folder`.
    **`C:\Folder* [*]`** enumerates all files and subfolders of `C:\Folder`.
    **`C:\Folder\ [*.mp3]`** enumerates all `.mp3` files in `C:\Folder`.
    **`C:\Folder\ [Sample.doc]`** enumerates only the `Sample.doc` file located in C:\Folder.
    **Note**
    If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| For example: @@ -1760,29 +1760,29 @@ For example: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] ``` -- To migrate the EngineeringDrafts folder and any subfolders from the C: drive: +- To migrate the `C:\EngineeringDrafts` folder and any subfolders from the C: drive: ```xml C:\EngineeringDrafts\* [*] ``` -- To migrate only the EngineeringDrafts folder, excluding any subfolders, from the C: drive: +- To migrate only the `C:\EngineeringDrafts` folder, excluding any subfolders, from the C: drive: - [Reroute Files and Settings](usmt-reroute-files-and-settings.md) + [Reroute files and settings](usmt-reroute-files-and-settings.md) -- To migrate the Sample.doc file from C:\\EngineeringDrafts: +- To migrate the `Sample.doc` file from `C:\EngineeringDrafts`: ```xml C:\EngineeringDrafts\ [Sample.doc] ``` -- To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. +- To migrate the `Sample.doc` file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. ```xml C:\* [Sample.doc] ``` -- For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), [Include Files and Settings](usmt-include-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). +- For more examples of how to use this element, see [Exclude files and settings](usmt-exclude-files-and-settings.md), [Reroute files and settings](usmt-reroute-files-and-settings.md), [Include files and settings](usmt-include-files-and-settings.md), and [Custom XML examples](usmt-custom-xml-examples.md). ## <processing> @@ -1919,7 +1919,7 @@ The following example is from the MigUser.xml file: ## <script> -The return value that is required by <script> depends on the parent element. +The return value that is required by **<script>** depends on the parent element. **Number of occurrences:** Once for [<variable>](#variable), unlimited for [<objectSet>](#objectset) and [<processing>](#processing) @@ -1931,25 +1931,25 @@ The return value that is required by <script> depends on the parent elemen - General Syntax: `` -- You can use [GetStringContent](#script-functions) when <script> is within **<variable>**. +- You can use [GetStringContent](#script-functions) when **<script>** is within **<variable>**. Syntax: `` Example: `` -- You can use [GenerateUserPatterns](#script-functions) when <script> is within **<objectSet>**. +- You can use [GenerateUserPatterns](#script-functions) when **<script>** is within **<objectSet>**. Syntax: `` Example: `` -- You can use [GenerateDrivePatterns](#script-functions) when <script> is within **<objectSet>**. +- You can use [GenerateDrivePatterns](#script-functions) when **<script>** is within **<objectSet>**. Syntax: `` Example: `` -- You can use the [Simple executing scripts](#script-functions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. +- You can use the [Simple executing scripts](#script-functions) with **<script>** elements that are within **<processing>** elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. Syntax: `` @@ -1957,11 +1957,11 @@ The return value that is required by <script> depends on the parent elemen |Setting|Required?|Value| |--- |--- |--- | -| *ScriptWithArguments* | Yes | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.
The return value that is required by <script> depends on the parent element.
  • When used within **<variable>**, the return value must be a string.
  • When used within **<objectSet>**, the return value must be a two-dimensional array of strings.
  • When used within **<location>**, the return value must be a valid location that aligns with the type attribute of **<location>**. For example, if <location type="File">, the child script element, if specified, must be a valid file location.
    **Note**
    If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| +| *ScriptWithArguments* | Yes | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.
The return value that is required by **<script>** depends on the parent element.
  • When used within **<variable>**, the return value must be a string.
  • When used within **<objectSet>**, the return value must be a two-dimensional array of strings.
  • When used within **<location>**, the return value must be a valid location that aligns with the type attribute of **<location>**. For example, if <location type="File">, the child script element, if specified, must be a valid file location.
    **Note**
    If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
| Examples: -To migrate the Sample.doc file from any drive on the source computer, use <script> as follows. If multiple files exist with the same name, all such files will get migrated. +To migrate the Sample.doc file from any drive on the source computer, use **<script>** as follows. If multiple files exist with the same name, all such files will get migrated. ```xml @@ -1971,7 +1971,7 @@ For more examples of how to use this element, see [Exclude Files and Settings](u ### <script> functions -You can use the following functions with the <script> element +You can use the following functions with the **<script>** element - [String and pattern generating functions](#string-and-pattern-generating-functions) @@ -1983,14 +1983,14 @@ These functions return either a string or a pattern. - **GetStringContent** - You can use GetStringContent with <script> elements that are within **<variable>** elements. If possible, this function returns the string representation of the given object. Otherwise, it returns NULL. For file objects this function always returns NULL. + You can use GetStringContent with **<script>** elements that are within **<variable>** elements. If possible, this function returns the string representation of the given object. Otherwise, it returns **NULL**. For file objects this function always returns **NULL**. Syntax: `GetStringContent("ObjectType","EncodedLocationPattern", "ExpandContent")` |Setting|Required?|Value| |--- |--- |--- | | *ObjectType* | Yes | The type of object. Can be Registry or Ini (for an .ini file). | - | *EncodedLocationPattern* | Yes |
  • If type of object is Registry, EncodedLocationPattern must be a valid registry path. For example, HKLM\SOFTWARE\MyKey[].
  • If the type of object is Ini, then EncodedLocationPattern must be in the following format:
    IniFilePath|SectionName[SettingName]
| + | *EncodedLocationPattern* | Yes |
  • If type of object is Registry, EncodedLocationPattern must be a valid registry path. For example, `HKLM\SOFTWARE\MyKey[]`.
  • If the type of object is Ini, then EncodedLocationPattern must be in the following format:
    **IniFilePath|SectionName[SettingName]**
| | *ExpandContent* | No (default=TRUE) | Can be **TRUE** or **FALSE**. If **FALSE**, then the given location will not be expanded before it is returned. | For example: @@ -2003,7 +2003,7 @@ These functions return either a string or a pattern. - **GenerateDrivePatterns** - The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within **<include>**/<exclude>. + The `GenerateDrivePatterns` function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and *DriveType* is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use `GenerateDrivePatterns` with **<script>** elements that are within [<objectSet>](#objectset) that are within **<include>**/**<exclude>**. Syntax: `GenerateDrivePatterns("PatternSegment","DriveType")` @@ -2016,7 +2016,7 @@ These functions return either a string or a pattern. - **GenerateUserPatterns** - The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is **FALSE**, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: + The `GenerateUserPatterns` function will iterate through all users that are being migrated, excluding the currently processed user if **<ProcessCurrentUser>** is **FALSE**, and will expand the specified pattern in the context of each user. For example, if users A, B, and C have profiles in `C:\Documents and Settings`, by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" @@ -2034,9 +2034,9 @@ These functions return either a string or a pattern. **Example:** -If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile. +If `GenerateUserPattens('File','%userprofile% [*.doc]','FALSE')` is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all `.doc` files from the source computer — but if user X is not migrated, then do not migrate any of the `.doc` files from user X's profile. -The following is example code for this scenario. The first **<rules>** element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second **<rules>** elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second **<rules>** element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. +The following is example code for this scenario. The first **<rules>** element migrates all `.doc` files on the source computer with the exception of those inside `C:\Documents and Settings`. The second **<rules>** elements will migrate all `.doc` files from `C:\Documents and Settings` with the exception of the `.doc` files in the profiles of the other users. Because the second **<rules>** element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. ```xml @@ -2067,11 +2067,11 @@ The following is example code for this scenario. The first **<rules>** ele ### MigXmlHelper.GenerateDocPatterns -This helper function invokes the document finder to scan the system for all files that can be migrated. It can be invoked in either System or User context to focus the scan. +The `MigXmlHelper.GenerateDocPatterns` helper function invokes the document finder to scan the system for all files that can be migrated. It can be invoked in either **System** or **User** context to focus the scan. |Setting|Required?|Value| |--- |--- |--- | -|*ScanProgramFiles*|No (default = FALSE)|Can be **TRUE** or **FALSE**. The *ScanProgramFiles* parameter determines whether or not the document finder scans the **Program Files** directory to gather registered file extensions for known applications. For example, when set to **TRUE** it will discover and migrate .jpg files under the Photoshop directory, if .jpg is a file extension registered to Photoshop.| +|*ScanProgramFiles*|No (default = FALSE)|Can be **TRUE** or **FALSE**. The *ScanProgramFiles* parameter determines whether or not the document finder scans the **Program Files** directory to gather registered file extensions for known applications. For example, when set to **TRUE** it will discover and migrate .jpg files under the Photoshop directory, if `.jpg` is a file extension registered to Photoshop.| |*IncludePatterns*|No (default = TRUE)|Can be **TRUE** or **FALSE**. **TRUE** will generate include patterns and can be added under the **<include>** element. **FALSE** will generate exclude patterns and can be added under the **<exclude>** element.| |*SystemDrive*|No (default = FALSE)|Can be **TRUE** or **FALSE**. If **TRUE**, restricts all patterns to the system drive.| @@ -2098,7 +2098,7 @@ This helper function invokes the document finder to scan the system for all file ### Simple executing scripts -The following scripts have no return value. You can use the following errors with <script> elements that are within <processing> elements +The following scripts have no return value. You can use the following errors with **<script>** elements that are within **<processing>** elements - **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: @@ -2136,15 +2136,15 @@ The following scripts have no return value. You can use the following errors wit ``` -- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](/windows/win32/api/winsvc/nf-winsvc-startservicea). +- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in `HKLM\System\CurrentControlSet\Services` that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see the [StartServiceA function (winsvc.h)](/windows/win32/api/winsvc/nf-winsvc-startservicea) article. -- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. +- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in `HKLM\System\CurrentControlSet\Services` that holds the data for the given service. -- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry (HKLM\\System\\CurrentControlSet\\Services\\ServiceShortName \[Start\]) after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. +- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry `(HKLM\System\CurrentControlSet\Services\ServiceShortName [Start])` after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. ## <text> -You can use the <text> element to set a value for any environment variables that are inside one of the migration .xml files. +You can use the **<text>** element to set a value for any environment variables that are inside one of the migration .xml files. - **Number of occurrences:** Once in each [<variable>](#variable) element. @@ -2172,9 +2172,9 @@ For example: ## <unconditionalExclude> -The <unconditionalExclude> element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the `Config.xml` file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit **<include>** rules to include .mp3 files, if you specify to exclude them with this option, then they will not be migrated. +The **<unconditionalExclude>** element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the `Config.xml` file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit **<include>** rules to include `.mp3` files, if you specify to exclude them with this option, then they will not be migrated. -Use this element if you want to exclude all .mp3 files from the source computer. Or, if you are backing up C:\\UserData using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. +Use this element if you want to exclude all `.mp3` files from the source computer. Or, if you are backing up `C:\UserData` using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. - **Number of occurrences:** Unlimited. @@ -2188,7 +2188,7 @@ Syntax: ``` -The following .xml file excludes all .mp3 files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md). +The following .xml file excludes all `.mp3` files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md). ```xml @@ -2209,11 +2209,11 @@ The following .xml file excludes all .mp3 files from migration. For additional e ## <variable> -The **<variable>** element is required in an **<environment>** element. For each **<variable>** element there must be one **<objectSet>**, <script>, or <text> element. The content of the **<variable>** element assigns a text value to the environment variable. This element has the following three options: +The **<variable>** element is required in an **<environment>** element. For each **<variable>** element there must be one **<objectSet>**, **<script>**, or **<text>** element. The content of the **<variable>** element assigns a text value to the environment variable. This element has the following three options: -1. If the **<variable>** element contains a <text> element, then the value of the variable element will be the value of the <text> element. +1. If the **<variable>** element contains a **<text>** element, then the value of the variable element will be the value of the **<text>** element. -2. If the **<variable>** element contains a <script> element and the invocation of the script produces a non-null string, then the value of the **<variable>** element will be the result of the script invocation. +2. If the **<variable>** element contains a **<script>** element and the invocation of the script produces a non-null string, then the value of the **<variable>** element will be the result of the script invocation. 3. If the **<variable>** element contains an **<objectSet>** element and the evaluation of the **<objectSet>** element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. @@ -2250,7 +2250,7 @@ The following example is from the `MigApp.xml` file: ## <version> -The <version> element defines the version for the component, but does not affect the migration. +The **<version>** element defines the version for the component, but does not affect the migration. - **Number of occurrences:** zero or one @@ -2276,7 +2276,7 @@ For example: ## <windowsObjects> -The <windowsObjects> element is for USMT internal use only. Do not use this element. +The **<windowsObjects>** element is for USMT internal use only. Do not use this element. ## Appendix @@ -2284,43 +2284,43 @@ The <windowsObjects> element is for USMT internal use only. Do not use thi - **Specifying encoded locations**. The encoded location used in all of the helper functions is an unambiguous string representation for the name of an object. It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. - For example, specify the file C:\\Windows\\Notepad.exe like this: `c:\Windows[Notepad.exe]`. Similarly, specify the directory C:\\Windows\\System32 like this: `c:\Windows\System32`. (Notice the absence of the \[\] construct.) + For example, specify the file `C:\Windows\Notepad.exe` like this: `c:\Windows[Notepad.exe]`. Similarly, specify the directory `C:\Windows\System32` like this: `c:\Windows\System32`. (Notice the absence of the `[]` construct.) - Representing the registry is very similar. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key will be `HKLM\SOFTWARE\MyKey[]`. + Representing the registry is very similar. The default value of a registry key is represented as an empty `[]` construct. For example, the default value for the `HKLM\SOFTWARE\MyKey` registry key will be `HKLM\SOFTWARE\MyKey[]`. - **Specifying location patterns**. You specify a location pattern in a way that is similar to how you specify an actual location. The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. - For example, the pattern `c:\Windows\*` will match the Windows directory and all subdirectories. But it will not match any of the files in those directories. To match the files as well, you must specify `c:\Windows\*[*]`. + For example, the pattern `c:\Windows\*` will match the Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify `c:\Windows\*[*]`. ### Internal USMT functions The following functions are for internal USMT use only. Do not use them in an .xml file. -- AntiAlias +- *AntiAlias* -- ConvertScreenSaver +- *ConvertScreenSaver* -- ConvertShowIEOnDesktop +- *ConvertShowIEOnDesktop* -- ConvertToOfficeLangID +- *ConvertToOfficeLangID* -- MigrateActiveDesktop +- *MigrateActiveDesktop* -- MigrateAppearanceUPM +- *MigrateAppearanceUPM* -- MigrateDisplayCS +- *MigrateDisplayCS* -- MigrateDisplaySS +- *MigrateDisplaySS* -- MigrateIEAutoSearch +- *MigrateIEAutoSearch* -- MigrateMouseUPM +- *MigrateMouseUPM* -- MigrateSoundSysTray +- *MigrateSoundSysTray* -- MigrateTaskBarSS +- *MigrateTaskBarSS* -- SetPstPathInMapiStruc +- *SetPstPathInMapiStruc* ### Valid version tags From a91720880fa17e859cfa94e1c71bef871a47b8ad Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Mon, 7 Nov 2022 08:35:39 -0800 Subject: [PATCH 027/108] Update windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index e0e86a2289..6db051ede9 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -154,7 +154,7 @@ Footnotes: - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2) - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1) - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) -- 12 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-22h2) +- 12 - Available in [Windows Holographic, version 22H2](/hololens/hololens-release-notes#windows-holographic-version-22h2) - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider). ## Related topics From 8a13c768ac30026ca5486a3deeb27b73b27a2ec4 Mon Sep 17 00:00:00 2001 From: Frank Rojas <115200257+RojasNet@users.noreply.github.com> Date: Mon, 7 Nov 2022 12:06:46 -0500 Subject: [PATCH 028/108] Metadata/style update deployment/usmt FINAL --- ...rted-with-the-user-state-migration-tool.md | 14 +- .../usmt/migrate-application-settings.md | 6 +- .../usmt/migration-store-types-overview.md | 8 +- .../usmt/offline-migration-reference.md | 10 +- .../usmt/understanding-migration-xml-files.md | 22 +- windows/deployment/usmt/usmt-common-issues.md | 4 +- .../usmt/usmt-customize-xml-files.md | 2 +- .../usmt-estimate-migration-store-size.md | 2 +- .../usmt/usmt-hard-link-migration-store.md | 4 +- windows/deployment/usmt/usmt-how-it-works.md | 2 +- .../usmt-identify-application-settings.md | 2 +- .../deployment/usmt/usmt-loadstate-syntax.md | 4 +- windows/deployment/usmt/usmt-log-files.md | 46 ++--- ...usmt-migrate-efs-files-and-certificates.md | 2 +- .../usmt/usmt-migrate-user-accounts.md | 20 +- .../usmt/usmt-migration-store-encryption.md | 4 +- .../usmt-recognized-environment-variables.md | 194 +++++++++--------- .../deployment/usmt/usmt-scanstate-syntax.md | 6 +- .../usmt/usmt-technical-reference.md | 2 +- .../usmt/usmt-xml-elements-library.md | 12 +- 20 files changed, 197 insertions(+), 169 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index e603c984d4..a5d392e636 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -34,7 +34,9 @@ This article outlines the general process that you should follow to migrate file 6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: - `ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log` + ``` syntax + ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log + ``` 7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate. @@ -49,7 +51,9 @@ This article outlines the general process that you should follow to migrate file 3. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example, - `ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log` + ``` syntax + ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log + ``` > [!NOTE] > If the source computer is running Windows 7, or Windows 8, you must run the `ScanState.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). @@ -74,9 +78,11 @@ This article outlines the general process that you should follow to migrate file For example, the following command migrates the files and settings: - `LoadState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:LoadState.log` + ``` syntax + LoadState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:LoadState.log + ``` > [!NOTE] > Run the `LoadState.exe ` command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. -5. Sign out after you run the `LoadState.exe ` command. Some settings (for example, fonts, wallpaper, and screen saver settings) won't take effect until the next time that the user logs on. +5. Sign out after you run the `LoadState.exe ` command. Some settings, such as fonts, wallpaper, and screen saver settings, won't take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 33d1769033..4b4868af71 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -103,7 +103,7 @@ After you have completed steps 1 through 3, you'll need to create a custom migra > We recommend that you create a separate .xml file instead of adding your script to the `MigApp.xml` file. This is because the `MigApp.xml` file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the `MigApp.xml` file will be overwritten by the default version of the file and you will lose your customized version. > [!IMPORTANT] -> Some applications store information in the user profile that should not be migrated (for example, application installation paths, the computer name, and so on). You should make sure to exclude these files and registry keys from the migration. +> Some applications store information in the user profile, such as application installation paths, the computer name, etc., should not be migrated. You should make sure to exclude these files and registry keys from the migration. Your script should do the following actions: @@ -131,7 +131,9 @@ On a test computer, install the operating system that will be installed on the d To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only **User1** in the migration, enter: -`/ue:*\* /ui:user1` +``` syntax +/ue:*\* /ui:user1 +``` For more information, see the [Exclude files and settings](usmt-exclude-files-and-settings.md) article and the [User options](usmt-scanstate-syntax.md#user-options) section in the [ScanState syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 7bb4a37792..5e1a067416 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -41,7 +41,13 @@ The following flowchart illustrates the procedural differences between a local m If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. -If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share `C:\store` on the destination computer. Then run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store`. Then, run the `LoadState.exe ` command on the destination computer and specify `C:\Store` as the store location. By doing this process, you don't need to save the files to a server. +If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely such as on a shared folder, on removable media, or you can store it directly on the destination computer. For example: + +1. Ceate and share `C:\store` on the destination computer +2. Run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store` +3. Run the `LoadState.exe ` command on the destination computer and specify `C:\Store` as the store location. + +By doing this process, you don't need to save the files to a server. > [!IMPORTANT] > If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 105327d3df..fb362c9ab3 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -85,9 +85,9 @@ An offline migration can either be enabled by using a configuration file on the |Component|Option|Description| |--- |--- |--- | -|ScanState.exe|**/offline:***<path to Offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| -|ScanState.exe|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It's only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| -|ScanState.exe|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| +|*ScanState.exe*|**/offline:***<path to Offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| +|*ScanState.exe*|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It's only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| +|*ScanState.exe*|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| You can use only one of the `/offline`, `/offlineWinDir`, or `/OfflineWinOld` command-line options at a time. USMT doesn't support using more than one together. @@ -97,8 +97,8 @@ The following system environment variables are necessary in the scenarios outlin |Variable|Value|Scenario| |--- |--- |--- | -|USMT_WORKING_DIR|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command: 
Set USMT_WORKING_DIR=[path to working directory]
| -|MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| +|*USMT_WORKING_DIR*|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command: 
Set USMT_WORKING_DIR=[path to working directory]
| +*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| ## Offline.xml elements diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index e5d168b840..071a5d9d6f 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -138,11 +138,11 @@ The default `MigUser.xml` file migrates the following data: The default `MigUser.xml` file doesn't migrate the following data: -- Files tagged with both the **hidden** and **system** attributes. +- Files tagged with both the **Hidden** and **System** attributes. - Files and folders on removable drives, -- Data from the %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA% folders. +- Data from the `%WINDIR%`, `%PROGRAMFILES%`, `%PROGRAMDATA%` folders. - ACLS for files in folders outside the user profile. @@ -157,15 +157,15 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t |XML migration file|Modifies the following components:| |--- |--- | -|Config.xml file|Operating-system components such as desktop wallpaper and background theme.
You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| -|MigApps.xml file|Applications settings.| -|MigUser.xml or `MigDocs.xml` files|User files and profile settings.| -|Custom XML files|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| +|*Config.xml file*|Operating-system components such as desktop wallpaper and background theme.
You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| +|*MigApps.xml file*|Applications settings.| +|*MigUser.xml* or *MigDocs.xml* files|User files and profile settings.| +|*Custom XML files*|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| For example, you can use all of the XML migration file types for a single migration, as in the following example: -```console -ScanState.exe /config:c:\myFolder\Config.xml /i:migapps.xml /i:MigDocs.xml /i:customrules.xml +``` syntax +ScanState.exe /config:c:\myFolder\Config.xml /i:migapps.xml /i:MigDocs.xml /i:CustomRules.xml ``` ### XML rules for migrating user files @@ -194,14 +194,14 @@ To generate the XML migration rules file for a source computer: 4. At the command prompt, enter: - ```console + ``` syntax cd /d ScanState.exe /genmigxml: ``` Where *<USMTpath>* is the location on your source computer where you've saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, enter: - ```console + ``` syntax cd /d c:\USMT ScanState.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" ``` @@ -230,7 +230,7 @@ The `MigDocs.xml` file calls the `GenerateDocPatterns` function, which takes thr **Usage:** -```console +``` syntax MigXmlHelper.GenerateDocPatterns ("", "", "") ``` diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 3bc2e5875c..6262d58456 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -138,7 +138,9 @@ The following sections describe common XML file problems. Expand the section to **Resolution:** Install all of the desired applications on the computer before running the `/genconfig` option. Then run `ScanState.exe` with all of the .xml files. For example, run the following command: -`ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:5 /l:ScanState.log` +``` syntax +ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:5 /l:ScanState.log +``` ### I'm having problems with a custom .xml file that I authored, and I can't verify that the syntax is correct diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index b7345bd127..9b4a91454c 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -25,7 +25,7 @@ USMT won't reroute the files, and they'll be migrated to `C:\data`. To modify the migration, do one or more of the following. -- **Modify the migration .xml files.** If you want to exclude a portion of a component—for example, you want to migrate C:\\ but exclude all of the .mp3 files—or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want ScanState and LoadState to use these files, specify them at the command line when each command is entered. +- **Modify the migration .xml files.** If you want to exclude a portion of a component, for example, you want to migrate C:\\ but exclude all of the .mp3 files, or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want ScanState and LoadState to use these files, specify them at the command line when each command is entered. - **Create a custom .xml file.** You can also create a custom .xml file to migrate settings for another application, or to change the migration behavior to suit your needs. For ScanState and LoadState to use this file, specify them on both command lines. diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 61289677d2..45c30d631c 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -59,7 +59,7 @@ To run the ScanState tool on the source computer with USMT installed: ScanState.exe /p: ``` - Where *<StorePath>* is a path to a directory where the migration store will be saved and *<path to a file>* is the path and filename where the XML report for space requirements will be saved. For example, + Where *<StorePath>* is a path to a directory where the migration store will be saved and *<path to a file>* is the path and filename where the XML report for space requirements will be saved. For example: ``` syntax ScanState.exe c:\store /p:c:\spaceRequirements.xml diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 3ef9d3112b..2c3791c771 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -92,7 +92,9 @@ It isn't necessary to estimate the size of a hard-link migration store since har Separate hard-link migration stores are created on each NTFS volume that contain data being migrated. In this scenario, the primary migration-store location will be specified on the command line, and should be the operating-system volume. Migration stores with identical names and directory names will be created on every volume containing data being migrated. For example: -`ScanState.exe /hardlink c:\USMTMIG […]` + ``` syntax + ScanState.exe /hardlink c:\USMTMIG […] + ``` Running this command on a system that contains the operating system on the C: drive and the user data on the D: drive will generate migration stores in the following locations, assuming that both drives are NTFS: diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index 407d62a25c..23bb493204 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md @@ -108,7 +108,7 @@ The **LoadState** process is similar to the **ScanState** process. The **ScanSta 4. **LoadState** creates a master list of migration units by processing the various subsections under the **<rules>** section. Each migration unit that is in an **<include>** subsection is migrated as long, as there isn't a more specific rule for it in an **<exclude>** subsection in the same **<rules>** section. For more information about precedence, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - 5. **LoadState** evaluates the destination computer-specific subsections; for example, the **<destinationCleanup>** and **<locationModify>** subsections. + 5. **LoadState** evaluates the destination computer-specific subsections, for example, the **<destinationCleanup>** and **<locationModify>** subsections. 6. If the destination computer is running Windows 7, Windows 8, or Windows 10, then the migunits that were collected by **ScanState** using downlevel manifest files are processed by **LoadState** using the corresponding Component Manifest for Windows 7. The downlevel manifest files aren't used during **LoadState**. diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md index c41eb9b57a..24278e020b 100644 --- a/windows/deployment/usmt/usmt-identify-application-settings.md +++ b/windows/deployment/usmt/usmt-identify-application-settings.md @@ -25,7 +25,7 @@ Next, identify an application owner to be in charge of each application. Applica Next, determine and locate the application settings to be migrated. You can acquire much of the information that you need for this step when you're testing the new applications for compatibility with the new operating system. -After completing the list of applications to be migrated, review the list, and work with each application owner on a list of settings to be migrated. For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located; for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully: +After completing the list of applications to be migrated, review the list, and work with each application owner on a list of settings to be migrated. For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located, for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully: - Is the destination version of the application newer than the source version? diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 2571836634..b6238044f2 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -23,7 +23,7 @@ Before you run the `LoadState.exe` command, note the following items: - For information about software requirements for running the `LoadState.exe` command, see [USMT requirements](usmt-requirements.md). -- You should sign out after you run the `LoadState.exe` command. Some settings (for example, fonts, wallpaper, and screensaver settings) won't take effect until the next time the user logs in. +- You should sign out after you run the `LoadState.exe` command. Some settings, such as example, fonts, wallpaper, and screensaver settings, won't take effect until the next time the user logs in. - Unless otherwise specified, you can use each option only once when running a tool on the command line. @@ -123,7 +123,7 @@ You can use the `/uel`, `/ue` and `/ui` options together to migrate only the use |--- |--- | | Include only User2 from the Fabrikam domain and exclude all other users. | `/ue:* /ui:fabrikam\user2` | | Include only the local user named User1 and exclude all other users. | `/ue:* /ui:user1` | -| Include only the domain users from Contoso, except Contoso\User1. | This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following options:
  • Using the **ScanState** command-line tool, enter: `/ue:* /ui:contoso`
  • Using the **LoadState** command-line tool, enter: `/ue:contoso\user1`
| +| Include only the domain users from Contoso, except Contoso\User1. | This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following options:
  • Using the **ScanState** command-line tool, enter:
    `/ue:* /ui:contoso`
  • Using the **LoadState** command-line tool, enter:
    `/ue:contoso\user1`
| | Include only local (non-domain) users. | `/ue: /ui:%computername%*` | ## Incompatible command-line options diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 49cb9e9da6..e15edd680e 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -58,25 +58,25 @@ The remaining fields are key/value pairs as indicated in the following table. | Key | Value | |-----|-------| -| **program** | `ScanState.exe` or `LoadState.exe`. | -| **productVersion** | The full product version number of USMT. | -| **computerName** | The name of the source or destination computer on which USMT was run. | -| **commandLine** | The full command used to run USMT. | -| **PHASE** | Reports that a new phase in the migration is starting. This key can be one of the following values:
  • Initializing
  • Scanning
  • Collecting
  • Saving
  • Estimating
  • Applying
| -| **detectedUser** |
  • For the **ScanState** tool, this key are the users USMT detected on the source computer that can be migrated.
  • For the **LoadState** tool, this key are the users USMT detected in the store that can be migrated.
| -| **includedInMigration** | Defines whether the user profile/component is included for migration. Valid values are **Yes** or **No**. | -| **forUser** | Specifies either of the following values:
  • The user state being migrated.
  • *This Computer*, meaning files and settings that aren't associated with a user.
| -| **detectedComponent** | Specifies a component detected by USMT.
  • For **ScanState**, this key is a component or application that is installed on the source computer.
  • For **LoadState**, this key is a component or application that was detected in the store.
| -| **totalSizeInMBToTransfer** | Total size of the files and settings to migrate in megabytes (MB). | -| **totalPercentageCompleted** | Total percentage of the migration that has been completed by either **ScanState** or **LoadState**. | -| **collectingUser** | Specifies which user **ScanState** is collecting files and settings for. | -| **totalMinutesRemaining** | Time estimate, in minutes, for the migration to complete. | -| **error** | Type of non-fatal error that occurred. This key can be one of the following values:
  • **UnableToCopy**: Unable to copy to store because the disk on which the store is located is full.
  • **UnableToOpen**: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.
  • **UnableToCopyCatalog**: Unable to copy because the store is corrupted.
  • **UnableToAccessDevice**: Unable to access the device.
  • **UnableToApply**: Unable to apply the setting to the destination computer.
| -| **objectName** | The name of the file or setting that caused the non-fatal error. | -| **action** | Action taken by USMT for the non-fatal error. The values are:
  • **Ignore**: Non-fatal error ignored and the migration continued because the **/c** option was specified on the command line.
  • **Abort**: Stopped the migration because the **/c** option wasn't specified.
| -| **errorCode** | The errorCode or return value. | -| **numberOfIgnoredErrors** | The total number of non-fatal errors that USMT ignored. | -| **message** | The message corresponding to the errorCode. | +| *program* | `ScanState.exe` or `LoadState.exe`. | +| *productVersion* | The full product version number of USMT. | +| *computerName* | The name of the source or destination computer on which USMT was run. | +| *commandLine* | The full command used to run USMT. | +| *PHASE* | Reports that a new phase in the migration is starting. This key can be one of the following values:
  • Initializing
  • Scanning
  • Collecting
  • Saving
  • Estimating
  • Applying
| +| *detectedUser* |
  • For the **ScanState** tool, this key are the users USMT detected on the source computer that can be migrated.
  • For the **LoadState** tool, this key are the users USMT detected in the store that can be migrated.
| +| *includedInMigration* | Defines whether the user profile/component is included for migration. Valid values are **Yes** or **No**. | +| *forUser* | Specifies either of the following values:
  • The user state being migrated.
  • *This Computer*, meaning files and settings that aren't associated with a user.
| +| *detectedComponent* | Specifies a component detected by USMT.
  • For *ScanState*, this key is a component or application that is installed on the source computer.
  • For **LoadState**, this key is a component or application that was detected in the store.
| +| *totalSizeInMBToTransfer* | Total size of the files and settings to migrate in megabytes (MB). | +| *totalPercentageCompleted* | Total percentage of the migration that has been completed by either **ScanState** or **LoadState**. | +| *collectingUser* | Specifies which user **ScanState** is collecting files and settings for. | +| *totalMinutesRemaining* | Time estimate, in minutes, for the migration to complete. | +| *error* | Type of non-fatal error that occurred. This key can be one of the following values:
  • **UnableToCopy**: Unable to copy to store because the disk on which the store is located is full.
  • **UnableToOpen**: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.
  • **UnableToCopyCatalog**: Unable to copy because the store is corrupted.
  • **UnableToAccessDevice**: Unable to access the device.
  • **UnableToApply**: Unable to apply the setting to the destination computer.
| +| *objectName* | The name of the file or setting that caused the non-fatal error. | +| *action* | Action taken by USMT for the non-fatal error. The values are:
  • **Ignore**: Non-fatal error ignored and the migration continued because the **/c** option was specified on the command line.
  • **Abort**: Stopped the migration because the **/c** option wasn't specified.
| +| *errorCode* | The errorCode or return value. | +| *numberOfIgnoredErrors* | The total number of non-fatal errors that USMT ignored. | +| *message** | The message corresponding to the errorCode. | ## List files log @@ -104,7 +104,7 @@ The following examples describe common scenarios in which you can use the diagno Let's imagine that we have the following directory structure and that we want the **data** directory to be included in the migration along with the **New Text Document.txt** file in the **New Folder**. The directory of `C:\data` contains: -```console +``` console 01/21/2009 10:08 PM . 01/21/2009 10:08 PM .. 01/21/2009 10:08 PM New Folder @@ -115,7 +115,7 @@ Let's imagine that we have the following directory structure and that we want th The directory of `C:\data\New Folder` contains: -```console +``` console 01/21/2009 10:08 PM . 01/21/2009 10:08 PM .. 01/21/2009 10:08 PM 0 New Text Document.txt @@ -198,7 +198,7 @@ This diagnostic log confirms that the modified **<pattern>** value enables In this scenario, you have the following directory structure and you want all files in the **Data** directory to migrate, except for text files. The `C:\Data` folder contains: -```console +``` console Directory of C:\Data 01/21/2009 10:08 PM . @@ -211,7 +211,7 @@ Directory of C:\Data The `C:\Data\New Folder\` contains: -```console +``` console 01/21/2009 10:08 PM . 01/21/2009 10:08 PM .. 01/21/2009 10:08 PM 0 New Text Document.txt diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index 3321e313d5..f7f5a3ff7f 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -35,7 +35,7 @@ Before using the **ScanState** tool for a migration that includes encrypted file You can run the [Cipher.exe](/windows-server/administration/windows-commands/cipher) tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt enter: ``` syntax -Cipher.exe /D /S: +cipher.exe /D /S: ``` where *<Path>* is the full path of the topmost parent directory where the encryption attribute is set. diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 148ccbacad..8c124420e9 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -23,7 +23,9 @@ Links to detailed explanations of commands are available in the [Related article 2. Enter the following `ScanState.exe` command line in a command prompt window: - `ScanState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml /o` + ``` syntax + ScanState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml /o + ```` 3. Sign into the destination computer as an administrator. @@ -52,13 +54,17 @@ Links to detailed explanations of commands are available in the [Related article 2. Enter the following `ScanState.exe` command line in a command prompt window: - `ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml /o` + ``` syntax + ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml /o + ``` 3. Sign into the destination computer as an administrator. 4. Enter the following `LoadState.exe ` command line in a command prompt window: - `LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml` + ``` syntax + LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml + ``` ## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain @@ -68,13 +74,17 @@ Links to detailed explanations of commands are available in the [Related article 2. Enter the following `ScanState.exe` command line in a command prompt window: - `ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:MigDocs.xml /i:MigApp.xml /o` + ``` syntax + ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:MigDocs.xml /i:MigApp.xml /o + ``` 3. Sign into the destination computer as an administrator. 4. Enter the following `LoadState.exe ` command line in a command prompt window: - `LoadState.exe \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml` + ``` syntax + LoadState.exe \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml + ``` ## Related articles diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index b7896ba2dd..07c5b088c8 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -25,8 +25,8 @@ The following table describes the command-line encryption options in USMT. |Component|Option|Description| |--- |--- |--- | -|**ScanState**|**/encrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument isn't provided, the **ScanState** tool employs the **3DES** algorithm.| -|**LoadState**|**/decrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument isn't provided, the **LoadState** tool employs the **3DES** algorithm.| +|*ScanState*|**/encrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument isn't provided, the **ScanState** tool employs the **3DES** algorithm.| +|*LoadState*|**/decrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument isn't provided, the **LoadState** tool employs the **3DES** algorithm.| > [!IMPORTANT] > Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the `UsmtUtils.exe` command with the `/ec` option. For more information, see [UsmtUtils syntax](usmt-utilities.md). diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 000f67af87..37172c925e 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -21,63 +21,63 @@ You can use these variables within sections in the .xml files with `context=User |Variable|Explanation| |--- |--- | -|**ALLUSERSAPPDATA**|Same as **CSIDL_COMMON_APPDATA**.| -|**ALLUSERSPROFILE**|Refers to `%PROFILESFOLDER%\Public` or `%PROFILESFOLDER%\all users`.| -|**COMMONPROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES_COMMON**.| -|**COMMONPROGRAMFILES**(X86)|Refers to the `C:\Program Files (x86)\Common Files` folder on 64-bit systems.| -|**CSIDL_COMMON_ADMINTOOLS**|Version 10.0. The file-system directory that contains administrative tools for all users of the computer.| -|**CSIDL_COMMON_ALTSTARTUP**|The file-system directory that corresponds to the non-localized Startup program group for all users.| -|**CSIDL_COMMON_APPDATA**|The file-system directory that contains application data for all users. A typical path Windows is `C:\ProgramData`.| -|**CSIDL_COMMON_DESKTOPDIRECTORY**|The file-system directory that contains files and folders that appear on the desktop for all users. A typical path is `C:\Users\Public\Desktop`.| -|**CSIDL_COMMON_DOCUMENTS**|The file-system directory that contains documents that are common to all users. A typical path is `C:\Users\Public\Documents`.| -|**CSIDL_COMMON_FAVORITES**|The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.| -|**CSIDL_COMMON_MUSIC**|The file-system directory that serves as a repository for music files common to all users. A typical path is `C:\Users\Public\Music`.| -|**CSIDL_COMMON_PICTURES**|The file-system directory that serves as a repository for image files common to all users. A typical path is `C:\Users\Public\Pictures`.| -|**CSIDL_COMMON_PROGRAMS**|The file-system directory that contains the directories for the common program groups that appear on the **Start** menu for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs`.| -|**CSIDL_COMMON_STARTMENU**|The file-system directory that contains the programs and folders that appear on the **Start** menu for all users. A typical path in Windows is `C:\ProgramData\Microsoft\Windows\Start Menu`.| -|**CSIDL_COMMON_STARTUP**|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup`.| -|**CSIDL_COMMON_TEMPLATES**|The file-system directory that contains the templates that are available to all users. A typical path is `C:\ProgramData\Microsoft\Windows\Templates`.| -|**CSIDL_COMMON_VIDEO**|The file-system directory that serves as a repository for video files common to all users. A typical path is `C:\Users\Public\Videos`.| -|**CSIDL_DEFAULT_APPDATA**|Refers to the Appdata folder inside `%DEFAULTUSERPROFILE%`.| -|C**SIDL_DEFAULT_LOCAL_APPDATA**|Refers to the local Appdata folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_COOKIES**|Refers to the Cookies folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_CONTACTS**|Refers to the Contacts folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_DESKTOP**|Refers to the Desktop folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_DOWNLOADS**|Refers to the Downloads folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_FAVORITES**|Refers to the Favorites folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_HISTORY**|Refers to the History folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_INTERNET_CACHE**|Refers to the Internet Cache folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_PERSONAL**|Refers to the Personal folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_MYDOCUMENTS**|Refers to the My Documents folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_MYPICTURES**|Refers to the My Pictures folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_MYMUSIC**|Refers to the My Music folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_MYVIDEO**|Refers to the My Videos folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_RECENT**|Refers to the Recent folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_SENDTO**|Refers to the Send To folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_STARTMENU**|Refers to the Start Menu folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_PROGRAMS**|Refers to the Programs folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_STARTUP**|Refers to the Startup folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_TEMPLATES**|Refers to the Templates folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_DEFAULT_QUICKLAUNCH**|Refers to the Quick Launch folder inside `%DEFAULTUSERPROFILE%`.| -|**CSIDL_FONTS**|A virtual folder containing fonts. A typical path is `C:\Windows\Fonts`.| -|**CSIDL_PROGRAM_FILESX86**|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files(86)`.| -|**CSIDL_PROGRAM_FILES_COMMONX86**|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files(86)\Common`.| -|**CSIDL_PROGRAM_FILES**|The Program Files folder. A typical path is `C:\Program Files`.| -|**CSIDL_PROGRAM_FILES_COMMON**|A folder for components that are shared across applications. A typical path is `C:\Program Files\Common`.| -|**CSIDL_RESOURCES**|The file-system directory that contains resource data. A typical path is `C:\Windows\Resources`.| -|**CSIDL_SYSTEM**|The Windows System folder. A typical path is `C:\Windows\System32`.| -|**CSIDL_WINDOWS**|The Windows directory or system root path. This value corresponds to the `%WINDIR%` or `%SYSTEMROOT%` environment variables. A typical path is `C:\Windows`.| -|**DEFAULTUSERPROFILE**|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile]`.| -|**PROFILESFOLDER**|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory]`.| -|**PROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES**.| -|**PROGRAMFILES(X86)**|Refers to the `C:\Program Files (x86)` folder on 64-bit systems.| -|**SYSTEM**|Refers to `%WINDIR%\system32`.| -|**SYSTEM16**|Refers to `%WINDIR%\system`.| -|**SYSTEM32**|Refers to `%WINDIR%\system32`.| -|**SYSTEMDRIVE**|The drive that holds the Windows folder. This value is a drive name and not a folder name (`C:` not `C:\`).| -|**SYSTEMPROFILE**|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath]`.| -|**SYSTEMROOT**|Same as **WINDIR**.| -|**WINDIR**|Refers to the Windows folder located on the system drive.| +|*ALLUSERSAPPDATA*|Same as **CSIDL_COMMON_APPDATA**.| +|*ALLUSERSPROFILE*|Refers to `%PROFILESFOLDER%\Public` or `%PROFILESFOLDER%\all users`.| +|*COMMONPROGRAMFILES*|Same as **CSIDL_PROGRAM_FILES_COMMON**.| +|*COMMONPROGRAMFILES*(X86)|Refers to the `C:\Program Files (x86)\Common Files` folder on 64-bit systems.| +|*CSIDL_COMMON_ADMINTOOLS*|Version 10.0. The file-system directory that contains administrative tools for all users of the computer.| +|*CSIDL_COMMON_ALTSTARTUP*|The file-system directory that corresponds to the non-localized Startup program group for all users.| +|*CSIDL_COMMON_APPDATA*|The file-system directory that contains application data for all users. A typical path Windows is `C:\ProgramData`.| +|*CSIDL_COMMON_DESKTOPDIRECTORY*|The file-system directory that contains files and folders that appear on the desktop for all users. A typical path is `C:\Users\Public\Desktop`.| +|*CSIDL_COMMON_DOCUMENTS*|The file-system directory that contains documents that are common to all users. A typical path is `C:\Users\Public\Documents`.| +|*CSIDL_COMMON_FAVORITES*|The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.| +|*CSIDL_COMMON_MUSIC*|The file-system directory that serves as a repository for music files common to all users. A typical path is `C:\Users\Public\Music`.| +|*CSIDL_COMMON_PICTURES*|The file-system directory that serves as a repository for image files common to all users. A typical path is `C:\Users\Public\Pictures`.| +|*CSIDL_COMMON_PROGRAMS*|The file-system directory that contains the directories for the common program groups that appear on the **Start** menu for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs`.| +|*CSIDL_COMMON_STARTMENU*|The file-system directory that contains the programs and folders that appear on the **Start** menu for all users. A typical path in Windows is `C:\ProgramData\Microsoft\Windows\Start Menu`.| +|*CSIDL_COMMON_STARTUP*|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup`.| +|*CSIDL_COMMON_TEMPLATES*|The file-system directory that contains the templates that are available to all users. A typical path is `C:\ProgramData\Microsoft\Windows\Templates`.| +|*CSIDL_COMMON_VIDEO*|The file-system directory that serves as a repository for video files common to all users. A typical path is `C:\Users\Public\Videos`.| +|*CSIDL_DEFAULT_APPDATA*|Refers to the Appdata folder inside `%DEFAULTUSERPROFILE%`.| +|C*SIDL_DEFAULT_LOCAL_APPDATA*|Refers to the local Appdata folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_COOKIES*|Refers to the Cookies folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_CONTACTS*|Refers to the Contacts folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_DESKTOP*|Refers to the Desktop folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_DOWNLOADS*|Refers to the Downloads folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_FAVORITES*|Refers to the Favorites folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_HISTORY*|Refers to the History folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_INTERNET_CACHE*|Refers to the Internet Cache folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_PERSONAL*|Refers to the Personal folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_MYDOCUMENTS*|Refers to the My Documents folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_MYPICTURES*|Refers to the My Pictures folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_MYMUSIC*|Refers to the My Music folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_MYVIDEO*|Refers to the My Videos folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_RECENT*|Refers to the Recent folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_SENDTO*|Refers to the Send To folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_STARTMENU*|Refers to the Start Menu folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_PROGRAMS*|Refers to the Programs folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_STARTUP*|Refers to the Startup folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_TEMPLATES*|Refers to the Templates folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_QUICKLAUNCH*|Refers to the Quick Launch folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_FONTS*|A virtual folder containing fonts. A typical path is `C:\Windows\Fonts`.| +|*CSIDL_PROGRAM_FILESX86*|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files(86)`.| +|*CSIDL_PROGRAM_FILES_COMMONX86*|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files(86)\Common`.| +|*CSIDL_PROGRAM_FILES*|The Program Files folder. A typical path is `C:\Program Files`.| +|*CSIDL_PROGRAM_FILES_COMMON*|A folder for components that are shared across applications. A typical path is `C:\Program Files\Common`.| +|*CSIDL_RESOURCES*|The file-system directory that contains resource data. A typical path is `C:\Windows\Resources`.| +|*CSIDL_SYSTEM*|The Windows System folder. A typical path is `C:\Windows\System32`.| +|*CSIDL_WINDOWS*|The Windows directory or system root path. This value corresponds to the `%WINDIR%` or `%SYSTEMROOT%` environment variables. A typical path is `C:\Windows`.| +|*DEFAULTUSERPROFILE*|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile]`.| +|*PROFILESFOLDER*|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory]`.| +|*PROGRAMFILES*|Same as **CSIDL_PROGRAM_FILES**.| +|*PROGRAMFILES(X86)*|Refers to the `C:\Program Files (x86)` folder on 64-bit systems.| +|*SYSTEM*|Refers to `%WINDIR%\system32`.| +|*SYSTEM16*|Refers to `%WINDIR%\system`.| +|*SYSTEM32*|Refers to `%WINDIR%\system32`.| +|*SYSTEMDRIVE*|The drive that holds the Windows folder. This value is a drive name and not a folder name (`C:` not `C:\`).| +|*SYSTEMPROFILE*|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath]`.| +|*SYSTEMROOT*|Same as **WINDIR**.| +|*WINDIR*|Refers to the Windows folder located on the system drive.| ## Variables that are recognized only in the user context @@ -85,46 +85,46 @@ You can use these variables in the .xml files within sections with `context=User |Variable|Explanation| |--- |--- | -|**APPDATA**|Same as **CSIDL_APPDATA**.| -|**CSIDL_ADMINTOOLS**|The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.| -|**CSIDL_ALTSTARTUP**|The file-system directory that corresponds to the user's non-localized Startup program group.| -|**CSIDL_APPDATA**|The file-system directory that serves as a common repository for application-specific data. A typical path is `C:\Users\\AppData\Roaming`.| -|**CSIDL_BITBUCKET**|The virtual folder that contains the objects in the user's Recycle Bin.| -|**CSIDL_CDBURN_AREA**|The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning`.| -|**CSIDL_CONNECTIONS**|The virtual folder representing Network Connections that contains network and dial-up connections.| -|**CSIDL_CONTACTS**|This value refers to the Contacts folder in %**CSIDL_PROFILE**%.| -|**CSIDL_CONTROLS**|The virtual folder that contains icons for the Control Panel items.| -|**CSIDL_COOKIES**|The file-system directory that serves as a common repository for Internet cookies. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Cookies`.| -|**CSIDL_DESKTOP**|The virtual folder representing the Windows desktop.| -|**CSIDL_DESKTOPDIRECTORY**|The file-system directory used to physically store file objects on the desktop, which shouldn't be confused with the desktop folder itself. A typical path is `C:\Users\\Desktop`.| -|**CSIDL_DRIVES**|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.| -|**CSIDL_FAVORITES**|The file-system directory that serves as a common repository for the user's favorites. A typical path is `C:\Users\\Favorites`.| -|**CSIDL_HISTORY**|The file-system directory that serves as a common repository for Internet history items.| -|**CSIDL_INTERNET**|A virtual folder for Internet Explorer.| -|**CSIDL_INTERNET_CACHE**|The file-system directory that serves as a common repository for temporary Internet files. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files`| -|**CSIDL_LOCAL_APPDATA**|The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is `C:\Users\\AppData\Local`.| -|**CSIDL_MYDOCUMENTS**|The virtual folder representing My Documents.A typical path is `C:\Users\\Documents`.| -|**CSIDL_MYMUSIC**|The file-system directory that serves as a common repository for music files. A typical path is `C:\Users\\Music`.| -|**CSIDL_MYPICTURES**|The file-system directory that serves as a common repository for image files. A typical path is `C:\Users\\Pictures`.| -|**CSIDL_MYVIDEO**|The file-system directory that serves as a common repository for video files. A typical path is `C:\Users\\Videos`.| -|**CSIDL_NETHOOD**|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It isn't the same as **CSIDL_NETWORK**, which represents the network namespace root. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Network Shortcuts`.| -|**CSIDL_NETWORK**|A virtual folder representing My Network Places, the root of the network namespace hierarchy.| -|**CSIDL_PERSONAL**|The virtual folder representing the My Documents desktop item. This value is equivalent to **CSIDL_MYDOCUMENTS**. A typical path is `C:\Documents and Settings\\My Documents`.| -|**CSIDL_PLAYLISTS**|The virtual folder used to store play albums, typically `C:\Users\\My Music\Playlists`.| -|**CSIDL_PRINTERS**|The virtual folder that contains installed printers.| -|**CSIDL_PRINTHOOD**|The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Printer Shortcuts`.| -|**CSIDL_PROFILE**|The user's profile folder. A typical path is `C:\Users\`.| -|**CSIDL_PROGRAMS**|The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs`.| -|**CSIDL_RECENT**|The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Recent`.| -|**CSIDL_SENDTO**|The file-system directory that contains **Send To** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\SendTo`.| -|**CSIDL_STARTMENU**|The file-system directory that contains **Start** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu`.| -|**CSIDL_STARTUP**|The file-system directory that corresponds to the user's Startup program group. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup`.| -|**CSIDL_TEMPLATES**|The file-system directory that serves as a common repository for document templates. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Templates`.| -|**HOMEPATH**|Same as the standard environment variable.| -|**TEMP**|The temporary folder on the computer. A typical path is `%USERPROFILE%\AppData\Local\Temp`.| -|**TMP**|The temporary folder on the computer. A typical path is `%**USERPROFILE**%\AppData\Local\Temp`.| -|**USERPROFILE**|Same as **CSIDL_PROFILE**.| -|**USERSID**|Represents the current user-account security identifier (SID). For example, `S-1-5-21-1714567821-1326601894-715345443-1026`.| +|*APPDATA*|Same as **CSIDL_APPDATA**.| +|*CSIDL_ADMINTOOLS*|The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.| +|*CSIDL_ALTSTARTUP*|The file-system directory that corresponds to the user's non-localized Startup program group.| +|*CSIDL_APPDATA*|The file-system directory that serves as a common repository for application-specific data. A typical path is `C:\Users\\AppData\Roaming`.| +|*CSIDL_BITBUCKET*|The virtual folder that contains the objects in the user's Recycle Bin.| +|*CSIDL_CDBURN_AREA*|The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning`.| +|*CSIDL_CONNECTIONS*|The virtual folder representing Network Connections that contains network and dial-up connections.| +|*CSIDL_CONTACTS*|This value refers to the Contacts folder in **%CSIDL_PROFILE%**.| +|*CSIDL_CONTROLS*|The virtual folder that contains icons for the Control Panel items.| +|*CSIDL_COOKIES*|The file-system directory that serves as a common repository for Internet cookies. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Cookies`.| +|*CSIDL_DESKTOP*|The virtual folder representing the Windows desktop.| +|*CSIDL_DESKTOPDIRECTORY*|The file-system directory used to physically store file objects on the desktop, which shouldn't be confused with the desktop folder itself. A typical path is `C:\Users\\Desktop`.| +|*CSIDL_DRIVES*|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.| +|*CSIDL_FAVORITES*|The file-system directory that serves as a common repository for the user's favorites. A typical path is `C:\Users\\Favorites`.| +|*CSIDL_HISTORY*|The file-system directory that serves as a common repository for Internet history items.| +|*CSIDL_INTERNET*|A virtual folder for Internet Explorer.| +|*CSIDL_INTERNET_CACHE*|The file-system directory that serves as a common repository for temporary Internet files. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files`| +|*CSIDL_LOCAL_APPDATA*|The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is `C:\Users\\AppData\Local`.| +|*CSIDL_MYDOCUMENTS*|The virtual folder representing My Documents.A typical path is `C:\Users\\Documents`.| +|*CSIDL_MYMUSIC*|The file-system directory that serves as a common repository for music files. A typical path is `C:\Users\\Music`.| +|*CSIDL_MYPICTURES*|The file-system directory that serves as a common repository for image files. A typical path is `C:\Users\\Pictures`.| +|*CSIDL_MYVIDEO*|The file-system directory that serves as a common repository for video files. A typical path is `C:\Users\\Videos`.| +|*CSIDL_NETHOOD*|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It isn't the same as *CSIDL_NETWORK*, which represents the network namespace root. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Network Shortcuts`.| +|*CSIDL_NETWORK*|A virtual folder representing My Network Places, the root of the network namespace hierarchy.| +|*CSIDL_PERSONAL*|The virtual folder representing the My Documents desktop item. This value is equivalent to **CSIDL_MYDOCUMENTS**. A typical path is `C:\Documents and Settings\\My Documents`.| +|*CSIDL_PLAYLISTS*|The virtual folder used to store play albums, typically `C:\Users\\My Music\Playlists`.| +|*CSIDL_PRINTERS*|The virtual folder that contains installed printers.| +|*CSIDL_PRINTHOOD*|The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Printer Shortcuts`.| +|*CSIDL_PROFILE*|The user's profile folder. A typical path is `C:\Users\`.| +|*CSIDL_PROGRAMS*|The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs`.| +|*CSIDL_RECENT*|The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Recent`.| +|*CSIDL_SENDTO*|The file-system directory that contains **Send To** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\SendTo`.| +|*CSIDL_STARTMENU*|The file-system directory that contains **Start** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu`.| +|*CSIDL_STARTUP*|The file-system directory that corresponds to the user's Startup program group. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup`.| +|*CSIDL_TEMPLATES*|The file-system directory that serves as a common repository for document templates. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Templates`.| +|*HOMEPATH*|Same as the standard environment variable.| +|*TEMP*|The temporary folder on the computer. A typical path is `%USERPROFILE%\AppData\Local\Temp`.| +|*TMP*|The temporary folder on the computer. A typical path is `%USERPROFILE%\AppData\Local\Temp`.| +|*USERPROFILE*|Same as **CSIDL_PROFILE**.| +|*USERSID*|Represents the current user-account security identifier (SID). For example, `S-1-5-21-1714567821-1326601894-715345443-1026`.| ## Related articles diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index b6105d7f11..a05ce994e0 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -43,7 +43,9 @@ The `ScanState.exe` command's syntax is: For example, to create a `Config.xml` file in the current directory, use: -`ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:13` +``` syntax +ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:13 +``` To create an encrypted store using the `Config.xml` file and the default migration .xml files, use: @@ -163,7 +165,7 @@ The `/uel` option takes precedence over the `/ue` option. If a user has logged o |--- |--- | |Include only User2 from the Fabrikam domain and exclude all other users.|`/ue:*\* /ui:fabrikam\user2`| |Include only the local user named User1 and exclude all other users.|`/ue:*\* /ui:user1`| -|Include only the domain users from Contoso, except Contoso\User1.|This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following commands:
  • On the `ScanState.exe` command line, enter:

    `/ue:*\* /ui:contoso\*`

  • On the `LoadState.exe` command line, enter:

    `/ue:contoso\user1`
| +|Include only the domain users from Contoso, except Contoso\User1.|This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following commands:
  • On the `ScanState.exe` command line, enter:
    `/ue:*\* /ui:contoso\*`
  • On the `LoadState.exe` command line, enter:
    `/ue:contoso\user1`
| |Include only local (non-domain) users.|`/ue:*\* /ui:%computername%\*`| ## Encrypted file options diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index 09ed7e6290..2504eabb75 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -32,7 +32,7 @@ USMT includes three command-line tools: USMT also includes a set of three modifiable .xml files: -- `MigApp.xml` +- MigApp.xml - MigDocs.xml - MigUser.xml diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 941ffd48f2..34115d72da 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -202,9 +202,7 @@ Syntax: |negation|No
Default = No|**"Yes"** reverses the True/False value of the condition.| |*ScriptName*|Yes|A script that has been defined within this migration section.| -For example, - -In the code sample below, the **<condition>** elements, A and B, are joined together by the **AND** operator because they are in separate **<conditions>** sections. For example: +For example, in the code sample below, the **<condition>** elements, **A** and **B**, are joined together by the **AND** operator because they are in separate **<conditions>** sections: ```xml @@ -247,7 +245,7 @@ The **<condition>** functions return a Boolean value. You can use these el |Setting|Required?|Value| |--- |--- |--- | |*OSType*|Yes|The only valid value for this setting is **NT**. Note, however, that you must set this setting for the **<condition>** functions to work correctly.| - |*OSVersion*|Yes|The major version, minor version, build number and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version with a pattern. For example, `5.0.*`.| + |*OSVersion*|Yes|The major version, minor version, build number and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version with a pattern such as `5.0.*`.| For example: @@ -268,7 +266,7 @@ The **<condition>** functions return a Boolean value. You can use these el |Setting|Required?|Value| |--- |--- |--- | |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns **FALSE**. For example, if the current operating system is Windows NT-based and *OSType* is **"9x"**, the result will be **FALSE**.| - |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

The **IsOSLaterThan** function returns **TRUE** if the current operating system is later than or equal to *OSVersion*.| + |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed such as `5.0`.

The **IsOSLaterThan** function returns **TRUE** if the current operating system is later than or equal to *OSVersion*.| For example: @@ -285,7 +283,7 @@ The **<condition>** functions return a Boolean value. You can use these el |Setting|Required?|Value| |--- |--- |--- | |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns **FALSE**. For example, if the current operating system is Windows NT-based and *OSType* is **"9x"** the result will be **FALSE**.| - |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

The **IsOSEarlierThan** function returns **TRUE** if the current operating system is earlier than *OSVersion*.| + |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed such as `5.0`.

The **IsOSEarlierThan** function returns **TRUE** if the current operating system is earlier than *OSVersion*.| ### Object content functions @@ -997,7 +995,7 @@ Syntax: |--- |--- |--- | |filter|No
(default = No)|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| -For example, from the MigUser.xml file: +For example, from the `MigUser.xml` file: ```xml From 35bebf14f40312d3201f233f896d26ef7ad7132f Mon Sep 17 00:00:00 2001 From: Daniel Vazome Date: Mon, 7 Nov 2022 19:59:31 +0200 Subject: [PATCH 029/108] Added missing explanation of the "container" term to hello-faq.yml on the base of retired hello-how-it-works.md. --- .../hello-for-business/hello-faq.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 91cd2ed308..3a044684d8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -63,7 +63,17 @@ sections: answer: | When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key. The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature. - + + - question: What's a container? + answer: | + In the context of Windows Hello for Business it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. + It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. + The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) + + - question: How to delete Windows Hello for Business container on a device? + answer: | + You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account. Reboot is required. + - question: How does Windows Hello for Business work with Azure AD registered devices? answer: | A user will be prompted to set up a Windows Hello for Business key on an Azure AD registered devices if the feature is enabled by policy. If the user has an existing Windows Hello container, the Windows Hello for Business key will be enrolled in that container and will be protected using their exiting gestures. From 678b1b92af073dc306ee90a18bade673a61bce99 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 7 Nov 2022 11:18:56 -0800 Subject: [PATCH 030/108] rm-wufbr-previewtag --- windows/deployment/TOC.yml | 8 ++++---- .../update/wufb-reports-configuration-intune.md | 2 +- .../update/wufb-reports-configuration-manual.md | 2 +- .../update/wufb-reports-configuration-script.md | 2 +- windows/deployment/update/wufb-reports-enable.md | 2 +- windows/deployment/update/wufb-reports-help.md | 2 +- windows/deployment/update/wufb-reports-overview.md | 2 +- windows/deployment/update/wufb-reports-prerequisites.md | 2 +- windows/deployment/update/wufb-reports-schema.md | 2 +- windows/deployment/update/wufb-reports-use.md | 2 +- windows/deployment/update/wufb-reports-workbook.md | 2 +- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 2356b68241..a732f8301a 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -184,11 +184,11 @@ href: update/deploy-updates-intune.md - name: Monitor items: - - name: Windows Update for Business reports (preview) + - name: Windows Update for Business reports items: - name: Windows Update for Business reports overview href: update/wufb-reports-overview.md - - name: Enable Windows Update for Business reports (preview) + - name: Enable Windows Update for Business reports items: - name: Windows Update for Business reports prerequisites href: update/wufb-reports-prerequisites.md @@ -200,7 +200,7 @@ href: update/wufb-reports-configuration-manual.md - name: Configure clients with Microsoft Intune href: update/wufb-reports-configuration-intune.md - - name: Use Windows Update for Business reports (preview) + - name: Use Windows Update for Business reports items: - name: Windows Update for Business reports workbook href: update/wufb-reports-workbook.md @@ -210,7 +210,7 @@ href: update/wufb-reports-use.md - name: Feedback, support, and troubleshooting href: update/wufb-reports-help.md - - name: Windows Update for Business reports (preview) schema reference + - name: Windows Update for Business reports schema reference items: - name: Windows Update for Business reports schema reference href: update/wufb-reports-schema.md diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 571998d9b1..9109171ed4 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -13,7 +13,7 @@ ms.date: 08/24/2022 ms.technology: itpro-updates --- -# Configuring Microsoft Intune devices for Windows Update for Business reports (preview) +# Configuring Microsoft Intune devices for Windows Update for Business reports ***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Intune](/mem/intune/fundamentals/what-is-intune)*** diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md index 7ce5722f77..9a0bdf5d23 100644 --- a/windows/deployment/update/wufb-reports-configuration-manual.md +++ b/windows/deployment/update/wufb-reports-configuration-manual.md @@ -13,7 +13,7 @@ ms.date: 06/06/2022 ms.technology: itpro-updates --- -# Manually configuring devices for Windows Update for Business reports (preview) +# Manually configuring devices for Windows Update for Business reports ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md index 56d4ccd30d..9ca0d3dcc6 100644 --- a/windows/deployment/update/wufb-reports-configuration-script.md +++ b/windows/deployment/update/wufb-reports-configuration-script.md @@ -13,7 +13,7 @@ ms.date: 06/16/2022 ms.technology: itpro-updates --- -# Configuring devices through the Windows Update for Business reports (preview) configuration script +# Configuring devices through the Windows Update for Business reports configuration script ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md index 3b1232d350..7f290da2c0 100644 --- a/windows/deployment/update/wufb-reports-enable.md +++ b/windows/deployment/update/wufb-reports-enable.md @@ -12,7 +12,7 @@ ms.date: 06/06/2022 ms.technology: itpro-updates --- -# Enable Windows Update for Business reports (preview) +# Enable Windows Update for Business reports ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md index 719cb3b0e4..5e16094501 100644 --- a/windows/deployment/update/wufb-reports-help.md +++ b/windows/deployment/update/wufb-reports-help.md @@ -12,7 +12,7 @@ ms.date: 08/10/2022 ms.technology: itpro-updates --- -# Windows Update for Business reports (preview) feedback, support, and troubleshooting +# Windows Update for Business reports feedback, support, and troubleshooting ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md index b8e4316eae..54fc4d8efe 100644 --- a/windows/deployment/update/wufb-reports-overview.md +++ b/windows/deployment/update/wufb-reports-overview.md @@ -12,7 +12,7 @@ ms.date: 08/09/2022 ms.technology: itpro-updates --- -# Windows Update for Business reports (preview) overview +# Windows Update for Business reports overview ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md index 06347a1910..1d0a3fc734 100644 --- a/windows/deployment/update/wufb-reports-prerequisites.md +++ b/windows/deployment/update/wufb-reports-prerequisites.md @@ -12,7 +12,7 @@ ms.date: 06/30/2022 ms.technology: itpro-updates --- -# Windows Update for Business reports (preview) prerequisites +# Windows Update for Business reports prerequisites ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md index cf7eb1c89c..cfa13279e3 100644 --- a/windows/deployment/update/wufb-reports-schema.md +++ b/windows/deployment/update/wufb-reports-schema.md @@ -12,7 +12,7 @@ ms.date: 06/06/2022 ms.technology: itpro-updates --- -# Windows Update for Business reports (preview)schema +# Windows Update for Business reports schema ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md index befe5a0d99..6d22e58405 100644 --- a/windows/deployment/update/wufb-reports-use.md +++ b/windows/deployment/update/wufb-reports-use.md @@ -12,7 +12,7 @@ ms.date: 06/06/2022 ms.technology: itpro-updates --- -# Use Windows Update for Business reports (preview) +# Use Windows Update for Business reports ***(Applies to: Windows 11 & Windows 10)*** diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md index e81b473707..3786290923 100644 --- a/windows/deployment/update/wufb-reports-workbook.md +++ b/windows/deployment/update/wufb-reports-workbook.md @@ -12,7 +12,7 @@ ms.date: 10/24/2022 ms.technology: itpro-updates --- -# Windows Update for Business reports (preview) workbook +# Windows Update for Business reports workbook ***(Applies to: Windows 11 & Windows 10)*** From 379ae6ff80827956640b2d527c5f76cac4635fa0 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:58:58 +0530 Subject: [PATCH 031/108] Update mcc-enterprise.md Corrected the PS cmdlet --- windows/deployment/do/mcc-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index cc068f97a0..2063ed9e6c 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -241,7 +241,7 @@ Files contained in the mccinstaller.zip file: 1. Enable Nested Virtualization ```powershell - Set -VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true + Set-VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true ``` 2. Enable Mac Spoofing ```powershell From 2c2c3c9ad4169c515fa8dd12b06bd1282e988d06 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:31:33 -0500 Subject: [PATCH 032/108] Metadata/style update deployment/vamt --- .../activate-forest-by-proxy-vamt.md | 45 ++--- .../volume-activation/activate-forest-vamt.md | 50 +++--- ...ctive-directory-based-activation-client.md | 26 ++- ...ivate-using-key-management-service-vamt.md | 64 ++++---- .../activate-windows-10-clients-vamt.md | 104 ++++++------ ...ive-directory-based-activation-overview.md | 27 ++- .../add-manage-products-vamt.md | 17 +- .../add-remove-computers-vamt.md | 84 ++++++---- .../add-remove-product-key-vamt.md | 39 +++-- ...t-to-microsoft-during-activation-client.md | 77 +++++---- .../configure-client-computers-vamt.md | 44 +++-- .../import-export-vamt-data.md | 24 ++- .../install-configure-vamt.md | 20 +-- .../install-kms-client-key-vamt.md | 52 +++--- .../install-product-key-vamt.md | 51 +++--- .../volume-activation/install-vamt.md | 16 +- .../volume-activation/introduction-vamt.md | 8 +- .../volume-activation/kms-activation-vamt.md | 50 +++--- .../local-reactivation-vamt.md | 32 ++-- .../manage-activations-vamt.md | 8 +- .../manage-product-keys-vamt.md | 8 +- .../volume-activation/manage-vamt-data.md | 8 +- .../monitor-activation-client.md | 6 +- .../online-activation-vamt.md | 44 ++--- .../plan-for-volume-activation-client.md | 118 ++++++------- .../proxy-activation-vamt.md | 51 +++--- .../volume-activation/remove-products-vamt.md | 30 ++-- .../scenario-kms-activation-vamt.md | 46 +++--- .../scenario-online-activation-vamt.md | 132 ++++++++------- .../scenario-proxy-activation-vamt.md | 155 +++++++++--------- .../update-product-status-vamt.md | 22 +-- ...olume-activation-management-tool-client.md | 56 +++---- .../use-vamt-in-windows-powershell.md | 20 +-- .../volume-activation/vamt-known-issues.md | 8 +- .../volume-activation/vamt-requirements.md | 10 +- .../volume-activation/vamt-step-by-step.md | 14 +- .../volume-activation-management-tool.md | 8 +- .../volume-activation-windows-10.md | 16 +- 38 files changed, 829 insertions(+), 761 deletions(-) diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md index 5b7165a017..cec3e17944 100644 --- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md @@ -2,18 +2,18 @@ title: Activate by Proxy an Active Directory Forest (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Activate by Proxy an Active Directory Forest -You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that does not have Internet access. ADBA enables certain volume products to inherit activation from the domain. +You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that doesn't have Internet access. ADBA enables certain volume products to inherit activation from the domain. > [!IMPORTANT] > ADBA is only applicable to *Generic Volume License Keys (GVLKs)* and *KMS Host key (CSVLK)*. To use ADBA, one or more KMS Host keys (CSVLK) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. @@ -26,28 +26,29 @@ In a typical proxy-activation scenario, the VAMT host computer distributes a pro ## Requirements Before performing proxy activation, ensure that the network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you must also have VAMT installed on one of the computers in the workgroup. + +- There's an instance of VAMT that is installed on a computer that has Internet access. If you're performing proxy activation for an isolated workgroup, you must also have VAMT installed on one of the computers in the workgroup. - VAMT has administrative permissions to the Active Directory domain. -**To perform an Active Directory forest proxy activation** +### To perform an Active Directory forest proxy activation -1. Open VAMT. -2. In the left-side pane, click the **Active Directory-Based Activation** node. -3. In the right-side **Actions** pane, click **Proxy activate forest** to open the **Install Product Key** dialog box. -4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to activate. -5. If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name. If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. -6. Enter the name of the file where you want to save the offline installation ID, or browse to the file location and then click **Open**. If you are activating an AD forest in an isolated workgroup, save the .cilx file to a removable media device. -7. Click **Install Key**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. -9. Insert the removable media into the VAMT host that has Internet access. Make sure that you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -10. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -11. In the **Acquire confirmation IDs for file** dialog box, browse to where the .cilx file you exported from the isolated workgroup host computer is located. Select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and acquires the CIDs. -12. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows how many confirmation IDs were successfully acquired, and the name of the file to which the IDs were saved. Click **OK** to close the message. -13. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated workgroup. -14. Open VAMT and then click the **Active Directory-Based Activation** node in the left-side pane. -15. In the right-side **Actions** pane, click **Apply confirmation ID to Active Directory domain**, browse to the .cilx file and then click **Open**. +1. Open VAMT. +2. In the left-side pane, select the **Active Directory-Based Activation** node. +3. In the right-side **Actions** pane, select **Proxy activate forest** to open the **Install Product Key** dialog box. +4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to activate. +5. If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name. If you want to rename the ADBA object, you must do it now. After you select **Install Key**, the name can't be changed. +6. Enter the name of the file where you want to save the offline installation ID, or browse to the file location and then select **Open**. If you're activating an AD forest in an isolated workgroup, save the `.cilx` file to a removable media device. +7. Select **Install Key**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. +8. Insert the removable media into the VAMT host that has Internet access. Make sure that you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. +9. In the right-side **Actions** pane, select **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. +10. In the **Acquire confirmation IDs for file** dialog box, browse to where the `.cilx` file you exported from the isolated workgroup host computer is located. Select the file, and then select **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and acquires the CIDs. +11. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows how many confirmation IDs were successfully acquired, and the name of the file to which the IDs were saved. Select **OK** to close the message. +12. Remove the storage device that contains the `.cilx` file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated workgroup. +13. Open VAMT and then select the **Active Directory-Based Activation** node in the left-side pane. +14. In the right-side **Actions** pane, select **Apply confirmation ID to Active Directory domain**, browse to the `.cilx` file and then select **Open**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. -## Related topics +## Related articles - [Add and Remove Computers](add-remove-computers-vamt.md) diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md index c390b22fe3..70940f40ec 100644 --- a/windows/deployment/volume-activation/activate-forest-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-vamt.md @@ -2,11 +2,11 @@ title: Activate an Active Directory Forest Online (Windows 10) description: Use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest online. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -15,33 +15,41 @@ ms.technology: itpro-fundamentals You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest over the Internet. ADBA enables certain products to inherit activation from the domain. -**Important**   -ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. +> [!IMPORTANT] +> ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: -- VAMT is installed on a host computer that has Internet access. -- VAMT has administrative permissions to the Active Directory domain. -- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node. -**To perform an online Active Directory forest activation** +- VAMT is installed on a host computer that has Internet access. -1. Open VAMT. -2. In the left-side pane, click the **Active Directory-Based Activation** node. -3. In the right-side **Actions** pane, click **Online activate forest** to open the **Install Product Key** dialog box. -4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest. -5. If required, enter a new Active Directory-Based Activation Object name +- VAMT has administrative permissions to the Active Directory domain. - **Important**   - If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. +- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node. -6. Click **Install Key**. -7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. +### To perform an online Active Directory forest activation -The activated object and the date that is was created appear in the **Active Directory-Based Activation** node in the center pane. +1. Open VAMT. -## Related topics +2. In the left-side pane, select the **Active Directory-Based Activation** node. + +3. In the right-side **Actions** pane, select **Online activate forest** to open the **Install Product Key** dialog box. + +4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest. + +5. If necessary, enter a new Active Directory-Based Activation Object name. + + > [!IMPORTANT] + > If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. + +6. Select **Install Key**. + +7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. + +The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. + +## Related articles - [Scenario 1: Online Activation](scenario-online-activation-vamt.md) - [Add and Remove Computers](add-remove-computers-vamt.md) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 2c413491c3..c19e08bdbc 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -1,40 +1,36 @@ --- title: Activate using Active Directory-based activation description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects. -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -ms.date: 09/16/2022 +ms.date: 11/07/2022 ms.topic: how-to ms.collection: highpri --- # Activate using Active Directory-based activation -**Applies to supported versions of** - -- Windows -- Windows Server -- Office +(*Applies to: Windows, Windows Server, Office*) > [!TIP] > Are you looking for information on retail activation? > -> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0) -> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227) +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that you update the forest schema using *adprep.exe* on a supported server OS. After the schema is updated, older domain controllers can still activate clients. +Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that you update the forest schema using `adprep.exe` on a supported server OS. After the schema is updated, older domain controllers can still activate clients. Any domain-joined computers running a supported OS with a Generic Volume License Key (GVLK) will be activated automatically and transparently. They'll stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. -To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. +To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console, or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. The process proceeds as follows: -1. Do _one_ of the following tasks: +1. Do *one* of the following tasks: - Install the Volume Activation Services server role on a domain controller. Then add a KMS host key by using the Volume Activation Tools Wizard. @@ -134,6 +130,6 @@ To verify your Active Directory-based activation configuration, complete the fol > > To manage individual activations or apply multiple (mass) activations, use the [VAMT](./volume-activation-management-tool.md). -## See also +## Related articles [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index 6fdacc0acb..0d3d2d93aa 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -1,12 +1,12 @@ --- title: Activate using Key Management Service (Windows 10) -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: How to activate using Key Management Service in Windows 10. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 10/16/2017 +ms.date: 11/07/2022 ms.topic: article ms.collection: highpri ms.technology: itpro-fundamentals @@ -14,32 +14,26 @@ ms.technology: itpro-fundamentals # Activate using Key Management Service -**Applies to** +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -**Looking for retail activation?** +There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: -- [Get Help Activating Microsoft Windows 10](https://support.microsoft.com/help/12440/) -- [Get Help Activating Microsoft Windows 7 or Windows 8.1 ](https://go.microsoft.com/fwlink/p/?LinkId=618644) - -There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: - -- Host KMS on a computer running Windows 10 -- Host KMS on a computer running Windows Server 2012 R2 +- Host KMS on a computer running Windows 10 +- Host KMS on a computer running Windows Server 2012 R2 - Host KMS on a computer running an earlier version of Windows Check out [Windows 10 Volume Activation Tips](/archive/blogs/askcore/windows-10-volume-activation-tips). -## Key Management Service in Windows 10 +## Key Management Service in Windows 10 + +Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. -Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers. To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft activation services. @@ -55,11 +49,11 @@ To activate, use the slmgr.vbs command. Open an elevated command prompt and run 3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation. 4. Run `slmgr.vbs /atp \`. -For more information, see the information for Windows 7 in [Deploy KMS Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502531(v=ws.11)). +For more information, see the information for Windows 7 in [Deploy KMS Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502531(v=ws.11)). -## Key Management Service in Windows Server 2012 R2 +## Key Management Service in Windows Server 2012 R2 -Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. +Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. > [!NOTE] > You cannot install a client KMS key into the KMS in Windows Server. @@ -67,9 +61,9 @@ Installing a KMS host key on a computer running Windows Server allows you to act This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden. > [!NOTE] -> If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](/troubleshoot/windows-server/deployment/error-0xc004f015-activate-windows-10). +> If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](/troubleshoot/windows-server/deployment/error-0xc004f015-activate-windows-10). -### Configure KMS in Windows Server 2012 R2 +### Configure KMS in Windows Server 2012 R2 1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials. 2. Launch Server Manager. @@ -115,26 +109,26 @@ Now that the KMS host is configured, it will begin to listen for activation requ ## Verifying the configuration of Key Management Service -You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. +You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. > [!NOTE] -> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. +> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. To verify that KMS volume activation works, complete the following steps: 1. On the KMS host, open the event log and confirm that DNS publishing is successful. -2. On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER. +2. On a client computer, open a Command Prompt window, type `Slmgr.vbs /ato`, and then press ENTER. - The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. -3. On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr.vbs /dlv**, and then press ENTER. + The `/ato` command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. +3. On a client computer or the KMS host, open an elevated Command Prompt window, type `Slmgr.vbs /dlv`, and then press ENTER. - The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. + The `/dlv` command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](/windows-server/get-started/activation-slmgr-vbs-options). ## Key Management Service in earlier versions of Windows -If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps: +If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps: 1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed. 2. Request a new KMS host key from the Volume Licensing Service Center. @@ -143,6 +137,6 @@ If you have already established a KMS infrastructure in your organization for an For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590). -## See also +## Related articles - [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index 36d3961a3f..3becdf4dae 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md @@ -1,59 +1,61 @@ --- title: Activate clients running Windows 10 (Windows 10) -description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. +description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Activate clients running Windows 10 -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works. -After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works. Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer. -If activation or reactivation is required, the following sequence occurs: -1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals. -2. If the computer is not a member of a domain or if the volume activation object is not available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer’s GVLK. -3. The computer tries to activate against Microsoft servers if it is configured with a MAK. -If the client is not able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart. +If activation or reactivation is required, the following sequence occurs: + +1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals. + +2. If the computer isn't a member of a domain or if the volume activation object isn't available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer's GVLK. + +3. The computer tries to activate against Microsoft servers if it's configured with a MAK. + +If the client isn't able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart. ## How Key Management Service works -KMS uses a client–server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP. +KMS uses a client-server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP. ### Key Management Service activation thresholds You can activate physical computers and virtual machines by contacting a KMS host. To qualify for KMS activation, there must be a minimum number of qualifying computers (called the activation threshold). KMS clients will be activated only after this threshold has been met. Each KMS host counts the number of computers that have requested activation until the threshold is met. -A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold are not activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more. -When KMS clients are waiting for the KMS to reach the activation threshold, they will connect to the KMS host every two hours to get the current activation count. They will be activated when the threshold is met. +A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold aren't activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more. -In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it is activated. If a computer running Windows 10 receives an activation count of 25 or more, it is activated. +When KMS clients are waiting for the KMS to reach the activation threshold, they'll connect to the KMS host every two hours to get the current activation count. They'll be activated when the threshold is met. + +In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it's activated. If a computer running Windows 10 receives an activation count of 25 or more, it's activated. ### Activation count cache -To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30day period begins again. If a KMS client computer does not renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one. -However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days. -The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size. +To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30 day period begins again. If a KMS client computer doesn't renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one. + +However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days. +The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size. ### Key Management Service connectivity @@ -61,63 +63,67 @@ KMS activation requires TCP/IP connectivity. By default, KMS hosts and clients u ### Key Management Service activation renewal -KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every 7 days. If KMS activation fails, the client computer retries every two hours. After a client computer’s activation is renewed, the activation validity interval begins again. +KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every seven days. If KMS activation fails, the client computer retries every two hours. After a client computer's activation is renewed, the activation validity interval begins again. ### Publication of the Key Management Service -The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update is not available or the KMS host does not have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts. +The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update isn't available or the KMS host doesn't have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts. ### Client discovery of the Key Management Service By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it. -Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters. -If the KMS host that a client computer selects does not respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host does not respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records. -By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way. + +Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters. + +If the KMS host that a client computer selects doesn't respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host doesn't respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records. + +By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated, and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way. ### Domain Name System server configuration -The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update. -The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records. +The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update. +The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records. ### Activating the first Key Management Service host -KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host does not communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers. +KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host doesn't communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers. ### Activating subsequent Key Management Service hosts -Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception. +Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization's KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception. ## How Multiple Activation Key works -A MAK is used for one-time activation with Microsoft’s hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization’s exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit. +A MAK is used for one-time activation with Microsoft's hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization's exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit. You can activate computers by using a MAK in two ways: -- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that do not maintain a connection to the corporate network. MAK independent activation is shown in Figure 16. + +- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that don't maintain a connection to the corporate network. MAK independent activation is shown in Figure 16. ![MAK independent activation.](../images/volumeactivationforwindows81-16.jpg) - + **Figure 16**. MAK independent activation -- **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It is also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17. + +- **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It's also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17. ![MAK proxy activation with the VAMT.](../images/volumeactivationforwindows81-17.jpg) - + **Figure 17**. MAK proxy activation with the VAMT -A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation does not meet the KMS activation threshold. +A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation doesn't meet the KMS activation threshold. -You can use a MAK for individual computers or with an image that can be duplicated or installed by using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. This is useful for moving a computer off the core network to a disconnected environment. +You can use a MAK for individual computers or with an image that can be duplicated or installed using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. Switching from KMS to a MAK is useful for moving a computer off the core network to a disconnected environment. ### Multiple Activation Key architecture and activation MAK independent activation installs a MAK product key on a client computer. The key instructs that computer to activate itself with Microsoft servers over the Internet. + In MAK proxy activation, the VAMT installs a MAK product key on a client computer, obtains the installation ID from the target computer, sends the installation ID to Microsoft on behalf of the client, and obtains a confirmation ID. The tool then activates the client computer by installing the confirmation ID. ## Activating as a standard user -Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 do not require administrator privileges for activation, but this change does not allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as “rearm.” +Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 don't require administrator privileges for activation, but this change doesn't allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as "rearm." -## See also +## Related articles -- [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md index 3b0a290815..0fb8970234 100644 --- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md +++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md @@ -2,39 +2,38 @@ title: Active Directory-Based Activation Overview (Windows 10) description: Enable your enterprise to activate its computers through a connection to their domain using Active Directory-Based Activation (ADBA). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 12/07/2018 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Active Directory-Based Activation overview -Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company’s domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it is distributed throughout the domain. +Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company's domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it's distributed throughout the domain. ## ADBA scenarios You might use ADBA if you only want to activate domain joined devices. -If you have a server hosting the KMS service, it can be necessary to reactivate licenses if the server is replaced with a new host. This is not necessary When ADBA is used. +If you have a server hosting the KMS service, it can be necessary to reactivate licenses if the server is replaced with a new host. Reactivating licenses isn't necessary When ADBA is used. -ADBA can also make load balancing easier when multiple KMS servers are present since the client can connect to any domain controller. This is simpler than using the DNS service to load balance by configuring priority and weight values. - -Some VDI solutions also require that new clients activate during creation before they are added to the pool. In this scenario, ADBA can eliminate potential VDI issues that might arise due to a KMS outage. +ADBA can also make load balancing easier when multiple KMS servers are present since the client can connect to any domain controller. ADBA is simpler than using the DNS service to load balance by configuring priority and weight values. +Some VDI solutions also require that new clients activate during creation before they're added to the pool. In this VDI scenario, ADBA can eliminate potential VDI issues that might arise due to a KMS outage. ## ADBA methods VAMT enables IT Professionals to manage and activate the ADBA object. Activation can be performed using the following methods: -- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the ADBA Object a name. -- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the ADBA Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function. -## Related topics +- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the ADBA Object a name. + +- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the ADBA Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function. + +## Related articles - [How to Activate an Active Directory Forest Online](./activate-forest-vamt.md) - [How to Proxy Activate an Active Directory Forest](./activate-forest-by-proxy-vamt.md) -  -  diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index 5250a833f9..5f9bfce03d 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -2,26 +2,23 @@ title: Add and Manage Products (Windows 10) description: Add client computers into the Volume Activation Management Tool (VAMT). After you add the computers, you can manage the products that are installed on your network. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Manage Products +# Add and manage products This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network. ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. | |[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. | |[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. | - - - diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md index 66868c46dd..95bad2b880 100644 --- a/windows/deployment/volume-activation/add-remove-computers-vamt.md +++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md @@ -2,59 +2,73 @@ title: Add and Remove Computers (Windows 10) description: The Discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Remove Computers +# Add and remove computers You can add computers that have any of the supported Windows or Office products installed to a Volume Activation Management Tool (VAMT) database by using the **Discover products** function. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. You can remove computers from a VAMT database by using the **Delete** function. After you add the computers, you can add the products that are installed on the computers by running the **Update license status** function. -Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information see [Configure Client Computers](configure-client-computers-vamt.md). +Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## To add computers to a VAMT database -1. Open VAMT. -2. Click **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box. -3. In the **Discover products** dialog box, click **Search for computers in the Active Directory** to display the search options, then click the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names click the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. - - To search for computers in a workgroup, click **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names click the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks. -4. Click **Search**. -5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below. - To cancel the search, click **Cancel**. When the search is complete the names of the newly-discovered computers appear in the product list view in the center pane. - +1. Open VAMT. + +2. Select **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box. + +3. In the **Discover products** dialog box, select **Search for computers in the Active Directory** to display the search options, then select the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names select the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. VAMT supports both IPv4 and IPV6 addressing. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names select the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks. + +4. Select **Search**. + +5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below. + + To cancel the search, select **Cancel**. When the search is complete, the names of the newly discovered computers appear in the product list view in the center pane. + ![VAMT, Finding computers dialog box.](images/dep-win8-l-vamt-findingcomputerdialog.gif) - - **Important**   - This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function. - + + > [!IMPORTANT] + > This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function. + ## To add products to VAMT -1. In the **Products** list, select the computers that need to have their product information added to the VAMT database. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. -6. VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. +1. In the **Products** list, select the computers that need to have their product information added to the VAMT database. - **Note**   +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + +5. In the right-side **Actions** pane, select **Update license status** and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials different from the ones you used to log into the computer. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and select **OK**. + +6. VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. + + > [!NOTE] If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. - + ## To remove computers from a VAMT database -You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, click **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database. +You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, select **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database. -## Related topics +## Related articles - [Add and Manage Products](add-manage-products-vamt.md) - - diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md index d096546643..0e37c178fc 100644 --- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md +++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md @@ -2,35 +2,40 @@ title: Add and Remove a Product Key (Windows 10) description: Add a product key to the Volume Activation Management Tool (VAMT) database. Also, learn how to remove the key from the database. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Remove a Product Key +# Add and remove a product key Before you can use a Multiple Activation Key (MAK), retail, or KMS Host key (CSVLK) product key, you must first add it to the Volume Activation Management Tool (VAMT) database. -## To Add a Product Key +## To add a product key -1. Open VAMT. -2. In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu. -3. Click **Add product keys** to open the **Add Product Keys** dialog box. -4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and click **Add Key(s)**. - - To import a Comma Separated Values (CSV) file containing a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Open VAMT. - **Note**   - If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. +2. In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu. -## Remove a Product Key +3. Select **Add product keys** to open the **Add Product Keys** dialog box. -- To remove a product key from the list, simply select the key in the list and click **Delete** on the **Selected Items** menu in the right-side pane. Click **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database will not affect the activation state of any products or computers on the network. +4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys: -## Related topics + - To add product keys manually, select **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and select **Add Key(s)**. + + - To import a Comma Separated Values (CSV) file containing a list of product keys, select **Select a product key file to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. + + > [!NOTE] + > If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. + +## Remove a product key + +- To remove a product key from the list, select the key in the list and select **Delete** on the **Selected Items** menu in the right-side pane. Select **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database won't affect the activation state of any products or computers on the network. + +## Related articles - [Manage Product Keys](manage-product-keys-vamt.md) diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index d478a5e6fc..07a8a62eaf 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -2,56 +2,63 @@ title: Appendix Information sent to Microsoft during activation (Windows 10) description: Learn about the information sent to Microsoft during activation. ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article --- # Appendix: Information sent to Microsoft during activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 + +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) **Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) When you activate a computer running Windows 10, the following information is sent to Microsoft: -- The Microsoft product code (a five-digit code that identifies the Windows product you're activating) -- A channel ID or site code that identifies how the Windows product was originally obtained +- The Microsoft product code (a five-digit code that identifies the Windows product you're activating) +- A channel ID or site code that identifies how the Windows product was originally obtained For example, a channel ID or site code identifies whether the product was originally purchased from a retail store, obtained as an evaluation copy, obtained through a volume licensing program, or preinstalled by a computer manufacturer. - -- The date of installation and whether the installation was successful -- Information that helps confirm that your Windows product key hasn't been altered -- Computer make and model -- Version information for the operating system and software -- Region and language settings -- A unique number called a *globally unique identifier*, which is assigned to your computer -- Product key (hashed) and product ID -- BIOS name, revision number, and revision date -- Volume serial number (hashed) of the hard disk drive -- The result of the activation check + +- The date of installation and whether the installation was successful +- Information that helps confirm that your Windows product key hasn't been altered + +- Computer make and model + +- Version information for the operating system and software + +- Region and language settings + +- A unique number called a *globally unique identifier*, which is assigned to your computer + +- Product key (hashed) and product ID + +- BIOS name, revision number, and revision date + +- Volume serial number (hashed) of the hard disk drive + +- The result of the activation check This result includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled: - - - The activation exploit's identifier - - The activation exploit's current state, such as cleaned or quarantined - - Computer manufacturer's identification - - The activation exploit's file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit -- The name and a hash of the contents of your computer's startup instructions file -- If your Windows license is on a subscription basis, information about how your subscription works + + - The activation exploit's identifier + + - The activation exploit's current state, such as cleaned or quarantined + + - Computer manufacturer's identification + + - The activation exploit's file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit + +- The name and a hash of the contents of your computer's startup instructions file + +- If your Windows license is on a subscription basis, information about how your subscription works Standard computer information is also sent, but your computer's IP address is only kept temporarily. @@ -60,6 +67,6 @@ Standard computer information is also sent, but your computer's IP address is on Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft doesn't use the information to contact individual consumers. For more information, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879). -## See also +## Related articles -- [Volume Activation for Windows 10](volume-activation-windows-10.md) +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index ec8b2ffdba..392c89d4bf 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -2,21 +2,22 @@ title: Configure Client Computers (Windows 10) description: Learn how to configure client computers to enable the Volume Activation Management Tool (VAMT) to function correctly. ms.reviewer: -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client -ms.date: 04/30/2020 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Configure Client Computers +# Configure client computers To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers: - An exception must be set in the client computer's firewall. -- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations. + +- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) won't allow remote administrative operations. Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows. @@ -28,11 +29,16 @@ Organizations where the VAMT will be widely used may benefit from making these c Enable the VAMT to access client computers using the **Windows Firewall** Control Panel: 1. Open Control Panel and double-click **System and Security**. -2. Click **Windows Firewall**. -3. Click **Allow a program or feature through Windows Firewall**. -4. Click the **Change settings** option. + +2. Select **Windows Firewall**. + +3. Select **Allow a program or feature through Windows Firewall**. + +4. Select the **Change settings** option. + 5. Select the **Windows Management Instrumentation (WMI)** checkbox. -6. Click **OK**. + +6. Select **OK**. > [!WARNING] > By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. @@ -44,11 +50,15 @@ Enable the VAMT to access client computers across multiple subnets using the **W ![VAMT Firewall configuration for multiple subnets.](images/dep-win8-l-vamt-firewallconfigurationformultiplesubnets.gif) 1. Open the Control Panel and double-click **Administrative Tools**. -2. Click **Windows Firewall with Advanced Security**. + +2. Select **Windows Firewall with Advanced Security**. + 3. Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private): - Windows Management Instrumentation (ASync-In) + - Windows Management Instrumentation (DCOM-In) + - Windows Management Instrumentation (WMI-In) 4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel. @@ -56,10 +66,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W 5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box. - On the **General** tab, select the **Allow the connection** checkbox. + - On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need. + - On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public). - In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. + In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically allocated ports. Limiting the range of dynamically allocated ports is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. For more info, see [How to configure RPC dynamic port allocation to work with firewalls](/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang). @@ -71,6 +83,7 @@ Enable the VAMT to access client computers across multiple subnets using the **W On the client computer, create the following registry key using regedit.exe. 1. Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system` + 2. Enter the following details: - **Value Name: LocalAccountTokenFilterPolicy** @@ -85,12 +98,15 @@ On the client computer, create the following registry key using regedit.exe. There are several options for organizations to configure the WMI firewall exception for computers: - **Image.** Add the configurations to the master Windows image deployed to all clients. + - **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**. -- **Script.** Execute a script using Microsoft Configuration Manager or a third-party remote script execution facility. + +- **Script.** Execute a script using Microsoft Configuration Manager or a third-party remote script execution facility. + - **Manual.** Configure the WMI firewall exception individually on each client. The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception. -## Related topics +## Related articles - [Install and Configure VAMT](install-configure-vamt.md) diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 8f83af6335..7a5aaa426b 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -2,12 +2,12 @@ title: Import and export VAMT data description: Learn how to use the VAMT to import product-activation data from a file into SQL Server. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 05/02/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: how-to --- @@ -16,10 +16,12 @@ ms.topic: how-to You can use the Volume Activation Management Tool (VAMT) to import product-activation data from a computer information list (`.cilx` or `.cil`) file into SQL Server. Also use VAMT to export product-activation data into a `.cilx` file. A `.cilx` file is an XML file that stores computer and product-activation data. You can import data or export data during the following scenarios: + - Import and merge data from previous versions of VAMT. + - Export data to perform proxy activations. -> [!Warning] +> [!WARNING] > Editing a `.cilx` file through an application other than VAMT can corrupt the `.cilx` file. This method isn't supported. ## Import VAMT data @@ -27,8 +29,11 @@ You can import data or export data during the following scenarios: To import data into VAMT, use the following process: 1. Open VAMT. + 2. In the right-side **Actions** pane, select **Import list** to open the **Import List** dialog box. + 3. In the **Import List** dialog box, navigate to the `.cilx` file location, choose the file, and select **Open**. + 4. In the **Volume Activation Management Tool** dialog box, select **OK** to begin the import. VAMT displays a progress message while the file is being imported. Select **OK** when a message appears and confirms that the import has completed successfully. ## Export VAMT data @@ -36,14 +41,23 @@ To import data into VAMT, use the following process: Exporting VAMT data from a VAMT host computer that's not internet-connected is the first step of proxy activation using multiple VAMT hosts. To export product-activation data to a `.cilx` file: 1. In the left-side pane, select a product you want to export data for, or select **Products** if the list contains data for all products. + 2. If you want to export only part of the data in a product list, in the product-list view in the center pane, select the products you want to export. + 3. In the right-side **Actions** pane on, select **Export list** to open the **Export List** dialog box. + 4. In the **Export List** dialog box, select **Browse** to navigate to the `.cilx` file. + 5. Under **Export options**, select one of the following data-type options: + - Export products and product keys + - Export products only + - Export proxy activation data only. Selecting this option makes sure that the export contains only the licensing information required for the proxy web service to obtain CIDs from Microsoft. No personally identifiable information (PII) is contained in the exported `.cilx` file when this selection is checked. + 6. If you've selected products to export, select the **Export selected product rows only** check box. + 7. Select **Save**. VAMT displays a progress message while the data is being exported. Select **OK** when a message appears and confirms that the export has completed successfully. ## Related articles diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index 4b1b5ca520..b468f34546 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md @@ -2,30 +2,28 @@ title: Install and Configure VAMT (Windows 10) description: Learn how to install and configure the Volume Activation Management Tool (VAMT), and learn where to find information about the process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Install and Configure VAMT +# Install and configure VAMT This section describes how to install and configure the Volume Activation Management Tool (VAMT). -## In this Section +## In this section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[VAMT Requirements](vamt-requirements.md) |Provides system requirements for installing VAMT on a host computer. | |[Install VAMT](install-vamt.md) |Describes how to get and install VAMT. | |[Configure Client Computers](configure-client-computers-vamt.md) |Describes how to configure client computers on your network to work with VAMT. | -## Related topics +## Related articles - [Introduction to VAMT](introduction-vamt.md) -  -  diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md index 2039634198..eb28f3ff3a 100644 --- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md +++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md @@ -2,39 +2,49 @@ title: Install a KMS Client Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Install a KMS Client Key -You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you are converting a MAK-activated product to KMS activation. +You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you're converting a MAK-activated product to KMS activation. -**Note**   -By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. +> [!NOTE] +> By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. -**To install a KMS Client key** -1. Open VAMT. -2. In the left-side pane click **Products** to open the product list view in the center pane. -3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -7. The **Install Product Key** dialog box displays the keys that are available to be installed. -8. Select the **Automatically select an AD or KMS client key** option and then click **Install Key**. +## To install a KMS Client key + +1. Open VAMT. + +2. In the left-side pane, select **Products** to open the product list view in the center pane. + +3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +7. The **Install Product Key** dialog box displays the keys that are available to be installed. + +8. Select the **Automatically select an AD or KMS client key** option and then select **Install Key**. + + VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. - VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. - The same status is shown under the **Status of Last Action** column in the product list view in the center pane. -## Related topics +## Related articles - [Perform KMS Activation](kms-activation-vamt.md) diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md index c96c711355..350971254b 100644 --- a/windows/deployment/volume-activation/install-product-key-vamt.md +++ b/windows/deployment/volume-activation/install-product-key-vamt.md @@ -2,12 +2,12 @@ title: Install a Product Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,26 +16,35 @@ ms.technology: itpro-fundamentals You can use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK). -**To install a Product key** -1. Open VAMT. -2. In the left-side pane, click the product that you want to install keys onto. -3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. -6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -7. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key you want to install, click **Install Key**. Note that only one key can be installed at a time. -9. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +## To install a Product key + +1. Open VAMT. + +2. In the left-side pane, select the product that you want to install keys onto. + +3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. + +6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +7. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you've selected the product key you want to install, select **Install Key**. Only one key can be installed at a time. + +9. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right - Volume License Key for Windows](/previous-versions/tn-archive/ee939271(v=technet.10)). + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right Volume License Key for Windows](/previous-versions/tn-archive/ee939271(v=technet.10)). -## Related topics +## Related articles - [Manage Product Keys](manage-product-keys-vamt.md) - diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index aecd419d3e..0aaeca24e5 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -1,12 +1,12 @@ --- title: Install VAMT (Windows 10) description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 03/11/2019 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -17,10 +17,10 @@ This topic describes how to install the Volume Activation Management Tool (VAMT) ## Install VAMT -You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. +You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. >[!IMPORTANT] ->VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.  +>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator. >[!NOTE] >The VAMT Microsoft Management Console snap-in ships as an x86 package. @@ -78,9 +78,9 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for To uninstall VAMT using the **Programs and Features** Control Panel: -1. Open **Control Panel** and select **Programs and Features**. +1. Open **Control Panel** and select **Programs and Features**. -2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. +2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 35011f3cea..3317cf1106 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -2,12 +2,12 @@ title: Introduction to VAMT (Windows 10) description: VAMT enables administrators to automate and centrally manage the Windows, Microsoft Office, and select other Microsoft products volume and retail activation process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 09/16/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: overview --- diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index c6c284ccb9..b7e487c555 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -2,45 +2,45 @@ title: Perform KMS Activation (Windows 10) description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Perform KMS Activation -The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. +The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. ## Requirements Before configuring KMS activation, ensure that your network and VAMT installation meet the following requirements: -- KMS host is set up and enabled. -- KMS clients can access the KMS host. -- VAMT is installed on a central computer with network access to all client computers. -- The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). -- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- KMS host is set up and enabled. +- KMS clients can access the KMS host. +- VAMT is installed on a central computer with network access to all client computers. +- The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). +- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## To configure devices for KMS activation **To configure devices for KMS activation** -1. Open VAMT. -2. If necessary, set up the KMS activation preferences. If you don’t need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. -3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. -4. Under **Key Management Services host selection**, select one of the following options: - - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. - - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. - - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. -5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box. -6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**. -9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. +1. Open VAMT. +2. If necessary, set up the KMS activation preferences. If you don't need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. +3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. +4. Under **Key Management Services host selection**, select one of the following options: + - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. + - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. + - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. +5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box. +6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +7. Click **Filter**. VAMT displays the filtered list in the center pane. +8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**. +9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. 10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**. VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane. -  + diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index 64aa4ddfb2..cbc033c0cf 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md @@ -2,11 +2,11 @@ title: Perform Local Reactivation (Windows 10) description: An initially activated a computer using scenarios like MAK, retail, or CSLVK (KMS host), can be reactivated with Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,22 +16,22 @@ ms.technology: itpro-fundamentals If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer. Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key. -**Note**   -During the initial proxy activation, the CID is bound to a digital “fingerprint”, which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. +> [!NOTE] +> During the initial proxy activation, the CID is bound to a digital "fingerprint", which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. ## To Perform a Local Reactivation **To perform a local reactivation** -1. Open VAMT. Make sure that you are connected to the desired database. -2. In the left-side pane, click the product you want to reactivate to display the products list. -3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**. -7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using. -8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. +1. Open VAMT. Make sure that you are connected to the desired database. +2. In the left-side pane, click the product you want to reactivate to display the products list. +3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the center pane. +6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**. +7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using. +8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. VAMT displays the **Apply Confirmation ID** dialog box. diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index ce146804af..b7fda50fbf 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -2,11 +2,11 @@ title: Manage Activations (Windows 10) description: Learn how to manage activations and how to activate a client computer by using various activation methods. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index 474f83d10d..e5354da617 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -2,11 +2,11 @@ title: Manage Product Keys (Windows 10) description: In this article, learn how to add and remove a product key from the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index 39a1737116..d4bbff284f 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -2,11 +2,11 @@ title: Manage VAMT Data (Windows 10) description: Learn how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index 94cdf4e1e9..f1671b98f8 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -1,11 +1,11 @@ --- title: Monitor activation (Windows 10) ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Understand the most common methods to monitor the success of the activation process for a computer running Windows. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index 18ded873b5..f277366807 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -2,11 +2,11 @@ title: Perform Online Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to enable client products to be activated online. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -18,10 +18,10 @@ You can use the Volume Activation Management Tool (VAMT) to enable client produc ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: -- VAMT is installed on a central computer that has network access to all client computers. -- Both the VAMT host and client computers have Internet access. -- The products that you want to activate are added to VAMT. -- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- VAMT is installed on a central computer that has network access to all client computers. +- Both the VAMT host and client computers have Internet access. +- The products that you want to activate are added to VAMT. +- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. @@ -29,24 +29,24 @@ The product keys that are installed on the client products must have a sufficien ## To Perform an Online Activation **To perform an online activation** -1. Open VAMT. -2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. -7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. Open VAMT. +2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +4. Click **Filter**. VAMT displays the filtered list in the center pane. +5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. +7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. - **Note**   - Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. + > [!NOTE] + > Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. - **Note** - You can use online activation to select products that have different key types and activate the products at the same time. + > [!NOTE] + > You can use online activation to select products that have different key types and activate the products at the same time. ## Related topics - [Manage Activations](manage-activations-vamt.md) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index 5fe9d182fa..8708715c3f 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -2,10 +2,10 @@ title: Plan for volume activation (Windows 10) description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals @@ -31,7 +31,7 @@ ms.technology: itpro-fundamentals During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. >[!NOTE] ->The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets. +>The IP address is used only to verify the location of the request, because some editions of Windows (such as "Starter" editions) can only be activated within certain geographical target markets. ## Distribution channels and activation @@ -39,7 +39,7 @@ In general, Microsoft software is obtained through three main channels: retail, ### Retail activations -The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. +The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys. ### Original equipment manufacturer @@ -50,31 +50,31 @@ OEM activation is valid as long as the customer uses the OEM-provided image on t ### Volume licensing Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: -- Have the license preinstalled through the OEM. -- Purchase a fully packaged retail product. +- Have the license preinstalled through the OEM. +- Purchase a fully packaged retail product. -The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. +The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. -**Note**   -Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions. +> [!NOTE] +> Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions. ## Activation models For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps. With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose: -- Online activation -- Telephone activation -- VAMT proxy activation +- Online activation +- Telephone activation +- VAMT proxy activation -Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: -- MAKs -- KMS -- Active Directory-based activation +Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: +- MAKs +- KMS +- Active Directory-based activation -**Note**   -Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative. +> [!NOTE] +> Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative. Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607). ### Multiple activation key @@ -89,19 +89,19 @@ Organizations can download MAK and KMS keys from the [Volume Licensing Service C ### Key Management Service -With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. +With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. -Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. +Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. -The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. +The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. ### Active Directory-based activation -Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. +Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. -Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company’s domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. +Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company's domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. ## Network and connectivity @@ -109,11 +109,11 @@ A modern business network has many nuances and interconnections. This section ex ### Core network -Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. +Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. -In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. +In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. -A typical core network that includes a KMS host is shown in Figure 1. +A typical core network that includes a KMS host is shown in Figure 1. ![Typical core network.](../images/volumeactivationforwindows81-01.jpg) @@ -127,47 +127,47 @@ In a large network, it is all but guaranteed that some segments will be isolated Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. -If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. +If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. -If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. +If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. -If the isolated network cannot communicate with the core network’s KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. +If the isolated network cannot communicate with the core network's KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network. ![New KMS host in an isolated network.](../images/volumeactivationforwindows81-02.jpg) -**Figure 2**. New KMS host in an isolated network +**Figure 2**. New KMS host in an isolated network **Branch offices and distant networks** From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: -- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. -- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. -- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. -- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. +- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. +- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. +- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. +- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. ### Disconnected computers -Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. -If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). +Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an "isolated network," where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. +If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). ### Test and development labs -Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. +Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide. -In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. +In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. ## Mapping your network to activation methods -Now it’s time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. +Now it's time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. **Table 1**. Criteria for activation methods |Criterion |Activation method | |----------|------------------| -|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | -|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | +|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | +|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | |Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | |Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | |Number of computers in isolated networks where the KMS activation threshold is not met |MAK | @@ -179,14 +179,14 @@ Now it’s time to assemble the pieces into a working solution. By evaluating yo ## Choosing and acquiring keys When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways: -- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. -- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). +- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. +- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). ### KMS host keys -A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. +A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. -A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. +A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. ### Generic volume licensing keys @@ -202,25 +202,25 @@ You will also need MAK keys with the appropriate number of activations available ## Selecting a KMS host -The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. -KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. +The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. +KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure. -The flow of KMS activation is shown in Figure 3, and it follows this sequence: +The flow of KMS activation is shown in Figure 3, and it follows this sequence: -1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. -2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. -3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) -4. A client configured with a GVLK uses DNS to locate the KMS host. -5. The client sends one packet to the KMS host. -6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. -7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. -8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. +1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. +2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. +3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) +4. A client configured with a GVLK uses DNS to locate the KMS host. +5. The client sends one packet to the KMS host. +6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. +7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. +8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. ![KMS activation flow.](../images/volumeactivationforwindows81-03.jpg) **Figure 3**. KMS activation flow ## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 587efce773..7534f442fd 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -2,11 +2,11 @@ title: Perform Proxy Activation (Windows 10) description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that do not have Internet access. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -17,39 +17,36 @@ You can use the Volume Activation Management Tool (VAMT) to perform activation f In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access. -**Note**   -For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet.  +> [!NOTE] +> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. ## Requirements Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. -- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. -- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. -- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. +- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. +- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. +- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. ## To Perform Proxy Activation **To perform proxy activation** -1. Open VAMT. -2. If necessary, install product keys. For more information see: - - [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). - - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. -3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box. -7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**. -8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox. -9. Click **OK**. +1. Open VAMT. +2. If necessary, install product keys. For more information see: + - [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). + - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. +3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the center pane. +6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box. +7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**. +8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox. +9. Click **OK**. 10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you will be prompted to enter the credentials. - **Note**   + > [!NOTE] You can use proxy activation to select products that have different key types and activate the products at the same time. - - - diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index e0fa9fe778..f9b25b08fd 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -2,11 +2,11 @@ title: Remove Products (Windows 10) description: Learn how you must delete products from the product list view so you can remove products from the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,17 +16,17 @@ ms.technology: itpro-fundamentals To remove one or more products from the Volume Activation Management Tool (VAMT), you can delete them from the product list view in the center pane. **To delete one or more products** -1. Click a product node in the left-side pane. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products you want to delete. -6. Click **Delete** in the **Selected Items** menu in the right-side pane. -7. On the **Confirm Delete Selected Products** dialog box, click **OK**. +1. Click a product node in the left-side pane. +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +4. Click **Filter**. VAMT displays the filtered list in the center pane. +5. Select the products you want to delete. +6. Click **Delete** in the **Selected Items** menu in the right-side pane. +7. On the **Confirm Delete Selected Products** dialog box, click **OK**. ## Related topics - [Add and Manage Products](add-manage-products-vamt.md) -  -  + + diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 6f92b8bdbb..2aae527d89 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -2,44 +2,44 @@ title: Scenario 3 KMS Client Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Scenario 3: KMS Client Activation -In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). +In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). The procedure that is described below assumes the following: -- The KMS Service is enabled and available to all KMS clients. -- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. +- The KMS Service is enabled and available to all KMS clients. +- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. ## Activate KMS Clients -1. Open VAMT. -2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. -3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: - - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. - - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. - - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. -4. In the left-side pane, in the **Products** node, click the product that you want to activate. -5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. Select the products that you want to activate. -9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +1. Open VAMT. +2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. +3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: + - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. + - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. + - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. +4. In the left-side pane, in the **Products** node, click the product that you want to activate. +5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +7. Click **Filter**. VAMT displays the filtered list in the center pane. +8. Select the products that you want to activate. +9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. 10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) -  -  + + diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index 0456ed2993..f1fcdf13ee 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -2,11 +2,11 @@ title: Scenario 1 Online Activation (Windows 10) description: Achieve network access by deploying the Volume Activation Management Tool (VAMT) in a Core Network environment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -14,67 +14,67 @@ ms.technology: itpro-fundamentals # Scenario 1: Online Activation In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types: -- Multiple Activation Key (MAK) -- Windows Key Management Service (KMS) keys: - - KMS Host key (CSVLK) - - Generic Volume License Key (GVLK), or KMS client key -- Retail +- Multiple Activation Key (MAK) +- Windows Key Management Service (KMS) keys: + - KMS Host key (CSVLK) + - Generic Volume License Key (GVLK), or KMS client key +- Retail The Secure Zone represents higher-security Core Network computers that have additional firewall protection. ![VAMT firewall configuration for multiple subnets.](images/dep-win8-l-vamt-makindependentactivationscenario.jpg) ## In This Topic -- [Install and start VAMT on a networked host computer](#bkmk-partone) -- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) -- [Connect to VAMT database](#bkmk-partthree) -- [Discover products](#bkmk-partfour) -- [Sort and filter the list of computers](#bkmk-partfive) -- [Collect status information from the computers in the list](#bkmk-partsix) -- [Add product keys and determine the remaining activation count](#bkmk-partseven) -- [Install the product keys](#bkmk-parteight) -- [Activate the client products](#bkmk-partnine) +- [Install and start VAMT on a networked host computer](#bkmk-partone) +- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) +- [Connect to VAMT database](#bkmk-partthree) +- [Discover products](#bkmk-partfour) +- [Sort and filter the list of computers](#bkmk-partfive) +- [Collect status information from the computers in the list](#bkmk-partsix) +- [Add product keys and determine the remaining activation count](#bkmk-partseven) +- [Install the product keys](#bkmk-parteight) +- [Activate the client products](#bkmk-partnine) ## Step 1: Install and start VAMT on a networked host computer -1. Install VAMT on the host computer. -2. Click the VAMT icon in the **Start** menu to open VAMT. +1. Install VAMT on the host computer. +2. Click the VAMT icon in the **Start** menu to open VAMT. ## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers -- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). - **Note**   - To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + > [!NOTE] + > To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## Step 3: Connect to a VAMT database -1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -2. Click **Connect**. -3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) +1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. +2. Click **Connect**. +3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) ## Step 4: Discover products -1. In the left-side pane, in the **Products** node Products, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. -4. Click **Search**. +1. In the left-side pane, in the **Products** node Products, click the product that you want to activate. +2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane. +3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: + - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. + - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. +4. Click **Search**. When the search is complete, the products that VAMT discovers appear in the product list view in the center pane. ## Step 5: Sort and filter the list of computers You can sort the list of products so that it is easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. -3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. +1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. +2. To sort the list further, you can click one of the column headings to sort by that column. +3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. ## Step 6: Collect status information from the computers in the list @@ -85,47 +85,45 @@ To collect the status from select computers in the database, you can select comp - In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**. - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note** - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + > [!NOTE] + > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. ## Step 7: Add product keys and determine the remaining activation count -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. +2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: + - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**. + - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. - **Important**   - If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. + > [!IMPORTANT] + > If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. ## Step 8: Install the product keys -1. In the left-side pane, click the product that you want to install keys on to. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive). -3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, click the product that you want to install keys on to. +2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive). +3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) ## Step 9: Activate the client products -1. Select the individual products that you want to activate in the list-view pane. -2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. -3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option. -4. Enter your alternate user name and password and click **OK**. -5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. +1. Select the individual products that you want to activate in the list-view pane. +2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. +3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option. +4. Enter your alternate user name and password and click **OK**. +5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. - **Note**   - Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. - - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. + > RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index d66678367b..1d4fd6f9b5 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -2,11 +2,11 @@ title: Scenario 2 Proxy Activation (Windows 10) description: Use the Volume Activation Management Tool (VAMT) to activate products that are installed on workgroup computers in an isolated lab environment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -19,32 +19,32 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa ## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab -1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. -2. Click the VAMT icon in the **Start** menu to open VAMT. +1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. +2. Click the VAMT icon in the **Start** menu to open VAMT. ## Step 2: Configure the Windows Management Instrumentation Firewall Exception on Target Computers -- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). - **Note**   - To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + > [!NOTE] + > To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## Step 3: Connect to a VAMT Database -1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -2. Click **Connect**. -3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) +1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. +2. Click **Connect**. +3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) ## Step 4: Discover Products -1. In the left-side pane, in the **Products** node, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. -4. Click **Search**. +1. In the left-side pane, in the **Products** node, click the product that you want to activate. +2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. +3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: + - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. + - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. +4. Click **Search**. The **Finding Computers** window appears and displays the search progress as the computers are located. @@ -54,13 +54,13 @@ When the search is complete, the products that VAMT discovers appear in the list You can sort the list of products so that it is easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. -3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. +1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. +2. To sort the list further, you can click one of the column headings to sort by that column. +3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. ## Step 6: Collect Status Information from the Computers in the Isolated Lab @@ -71,74 +71,74 @@ To collect the status from select computers in the database, you can select comp - In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note** - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + > [!NOTE] + > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. ## Step 7: Add Product Keys -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: - - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. +2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: + - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. + - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. ## Step 8: Install the Product Keys on the Isolated Lab Computers -1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). -3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. +2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). +3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) - **Note**   - Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. ## Step 9: Export VAMT Data to a .cilx File -In this step, you export VAMT from the workgroup’s host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. +In this step, you export VAMT from the workgroup's host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. -1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. -2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. -3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. -4. Under **Export options**, select one of the following data-type options: - - Export products and product keys. - - Export products only. - - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise’s security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. -5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. -6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. -7. If you exported the list to a file on the host computer’s hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. +1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. +2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. +3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. +4. Under **Export options**, select one of the following data-type options: + - Export products and product keys. + - Export products only. + - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise's security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. +5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. +6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. +7. If you exported the list to a file on the host computer's hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. - **Important**   - Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup’s VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. + > [!IMPORTANT] + > Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup's VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. ## Step 10: Acquire Confirmation IDs from Microsoft on the Internet-Connected Host Computer -1. Insert the removable media into the VAMT host that has Internet access. -2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. -5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. +1. Insert the removable media into the VAMT host that has Internet access. +2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. +3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. +4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. +5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. ## Step 11: Import the .cilx File onto the VAMT Host within the Isolated Lab Workgroup -1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. -2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. -3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. -4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. -5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. -6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. +1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. +2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. +3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. +4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. +5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. +6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. ## Step 12: Apply the CIDs and Activate the Isolated Lab Computers -1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. -2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. +2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. @@ -146,21 +146,20 @@ In this step, you export VAMT from the workgroup’s host computer and save it i ## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers has not changed, VAMT can reactivate those computers using the CIDs that are stored in the database. -1. Redeploy products to each computer, using the same computer names as before. -2. Open VAMT. -3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +1. Redeploy products to each computer, using the same computer names as before. +2. Open VAMT. +3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. - **Note**   - Reapplying the same CID conserves the remaining activations on the MAK. + > [!NOTE] + > Reapplying the same CID conserves the remaining activations on the MAK. ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index dfd7e456e7..06b0801a32 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md @@ -2,11 +2,11 @@ title: Update Product Status (Windows 10) description: Learn how to use the Update license status function to add the products that are installed on the computers. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,20 +16,20 @@ ms.technology: itpro-fundamentals After you add computers to the VAMT database, you need to use the **Update license status** function to add the products that are installed on the computers. You can also use the **Update license status** at any time to retrieve the most current license status for any products in the VAMT database. To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -**Note**   +> [!NOTE] The license-status query requires a valid computer name for each system queried. If the VAMT database contains computers that were added without Personally Identifiable Information, computer names will not be available for those computers, and the status for these computers will not be updated. ## Update the license status of a product -1. Open VAMT. -2. In the **Products** list, select one or more products that need to have their status updated. -3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. -4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. +1. Open VAMT. +2. In the **Products** list, select one or more products that need to have their status updated. +3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. +4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. VAMT displays the **Collecting product information** dialog box while it collects the status of all selected products. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. - **Note**   - If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. + > [!NOTE] + If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. ## Related topics - [Add and Manage Products](add-manage-products-vamt.md) diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index 96270a5500..38adbc40dc 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -2,12 +2,12 @@ title: Use the Volume Activation Management Tool (Windows 10) description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -15,36 +15,36 @@ ms.technology: itpro-fundamentals # Use the Volume Activation Management Tool **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2008 R2 **Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be -installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. +installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. -The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). +The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). -In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. +In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. ## Activating with the Volume Activation Management Tool You can use the VAMT to complete the activation process in products by using MAK and retail keys, and you can work with computers individually or in groups. The VAMT enables two activation scenarios: -- **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. +- **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. +- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. By using this method, only the VAMT host computer requires Internet access. Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where your organization has a mix of retail, MAK, and KMS-based activations. ## Tracking products and computers with the Volume Activation Management Tool -The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. +The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. ![VAMT showing the licensing status of multiple computers.](../images/volumeactivationforwindows81-18.jpg) @@ -52,7 +52,7 @@ The VAMT provides an overview of the activation and licensing status of computer ## Tracking key usage with the Volume Activation Management Tool -The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. +The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. ![VAMT showing key types and usage.](../images/volumeactivationforwindows81-19.jpg) @@ -60,16 +60,16 @@ The VAMT makes it easier to track the various keys that are issued to your organ ## Other Volume Activation Management Tool features -The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: -- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. -- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. -- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. +The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: +- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. +- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. +- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. For more information, see: -- [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) -- [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) +- [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) +- [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) ## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  +- [Volume Activation for Windows 10](volume-activation-windows-10.md) + + diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index ce68f48784..eb3b96f723 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -2,11 +2,11 @@ title: Use VAMT in Windows PowerShell (Windows 10) description: Learn how to use Volume Activation Management Tool (VAMT) PowerShell cmdlets to perform the same functions as the Vamt.exe command-line tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -22,18 +22,18 @@ The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to p - In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). **To prepare the VAMT PowerShell environment** -- To open PowerShell with administrative credentials, click **Start** and type “PowerShell” to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. +- To open PowerShell with administrative credentials, click **Start** and type "PowerShell" to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. - **Important** - If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: - - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe - - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe + > [!IMPORTANT] + > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: + - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe + - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe - For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: ``` powershell - cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” + cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0" ``` - Import the VAMT PowerShell module. To import the module, type the following at a command prompt: ``` powershell diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 1e02f26440..73685db04c 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -2,11 +2,11 @@ title: VAMT known issues (Windows 10) description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 12/17/2019 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.custom: - CI 111496 diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index 736a7d6b84..5cc18cd62c 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md @@ -2,11 +2,11 @@ title: VAMT Requirements (Windows 10) description: In this article, learn about the product key and system requierements for Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -37,7 +37,7 @@ The following table lists the system requirements for the VAMT host computer. | Display | 1024x768 or higher resolution monitor | | Network | Connectivity to remote computers via Windows Management Instrumentation (TCP/IP) and Microsoft Activation Web Service on the Internet via HTTPS | | Operating System | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, or later. | -| Additional Requirements |

  • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
  • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
  • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
| +| Additional Requirements |
  • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
  • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
  • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
| ## Related topics - [Install and Configure VAMT](install-configure-vamt.md) diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 1c161bf9b5..278a558c68 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -2,11 +2,11 @@ title: VAMT Step-by-Step Scenarios (Windows 10) description: Learn step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -21,9 +21,9 @@ This section provides instructions on how to implement the Volume Activation Man |------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers—the first one with Internet access and a second computer within an isolated workgroup—as proxies to perform MAK volume activation for workgroup computers that don't have Internet access. | -|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | +|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | ## Related articles - [Introduction to VAMT](introduction-vamt.md) -  -  + + diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index b24992eac1..9771f187cd 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -1,12 +1,12 @@ --- title: VAMT technical reference description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 09/16/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: overview ms.custom: seo-marvel-apr2020 --- diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index c97a874ef7..0ddbc94c96 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -2,12 +2,12 @@ title: Volume Activation for Windows 10 description: Learn how to use volume activation to deploy & activate Windows 10. Includes details for orgs that have used volume activation for earlier versions of Windows. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -30,7 +30,7 @@ ms.technology: itpro-fundamentals - [Get Help Activating Microsoft Windows](https://support.microsoft.com/help/12440/windows-10-activate) -This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. +This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. *Volume activation* is the process that Microsoft volume licensing customers use to automate and manage the activation of Windows operating systems, Microsoft Office, and other Microsoft products across large organizations. Volume licensing is available to customers who purchase software under various volume programs (such as [Open](https://www.microsoft.com/Licensing/licensing-programs/open-license) and [Select](https://www.microsoft.com/Licensing/licensing-programs/select)) and to participants in programs such as the [Microsoft Partner Program](https://partner.microsoft.com/) and [MSDN Subscriptions](https://visualstudio.microsoft.com/msdn-platforms/). @@ -38,11 +38,11 @@ Volume activation is a configurable solution that helps automate and manage the This guide provides information and step-by-step guidance to help you choose a volume activation method that suits your environment, and then to configure that solution successfully. This guide describes the volume activation features and the tools to manage volume activation. -Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions. +Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions. Volume activation -and the need for activation itself- is not new, and this guide does not review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). -If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). +If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). To successfully plan and implement a volume activation strategy, you must: @@ -54,7 +54,7 @@ To successfully plan and implement a volume activation strategy, you must: - Determine the monitoring and reporting needs in your organization. - Install and configure the tools required to support the methods selected. -Keep in mind that the method of activation does not change an organization’s responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. +Keep in mind that the method of activation does not change an organization's responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. ## Additional information From 6086fc196f6e7977f08c54d800206be5e71bb819 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:44:42 -0500 Subject: [PATCH 033/108] Metadata/style update deployment/usmt FINAL 3 --- windows/deployment/usmt/migration-store-types-overview.md | 2 +- windows/deployment/usmt/usmt-resources.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 5e1a067416..9059505be0 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -43,7 +43,7 @@ If you have enough space and you're migrating the user state back to the same co If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely such as on a shared folder, on removable media, or you can store it directly on the destination computer. For example: -1. Ceate and share `C:\store` on the destination computer +1. Create and share `C:\store` on the destination computer 2. Run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store` 3. Run the `LoadState.exe ` command on the destination computer and specify `C:\Store` as the store location. diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index 85ae4c90f8..b23b2f2352 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -27,9 +27,9 @@ ms.technology: itpro-deploy - Forums: - - [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386) + - [Microsoft Deployment Toolkit forum](https://learn.microsoft.com/answers/topics/mem-mdt.html) - - [Configuration Manager Operating System Deployment](https://social.technet.microsoft.com/Forums/en-US/home?forum=ConfigMgrCBOSD) + - [Configuration Manager Operating System Deployment forum](https://learn.microsoft.com/answers/topics/mem-cm-osd.html) ## Related articles From 0c011037a79afd3d902f4c511780294d79b3eb54 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:52:23 -0500 Subject: [PATCH 034/108] Metadata/style update deployment/usmt FINAL 4 --- windows/deployment/usmt/usmt-resources.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index b23b2f2352..ac1cc27168 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -27,9 +27,9 @@ ms.technology: itpro-deploy - Forums: - - [Microsoft Deployment Toolkit forum](https://learn.microsoft.com/answers/topics/mem-mdt.html) + - [Microsoft Deployment Toolkit forum](/answers/topics/mem-mdt.html) - - [Configuration Manager Operating System Deployment forum](https://learn.microsoft.com/answers/topics/mem-cm-osd.html) + - [Configuration Manager Operating System Deployment forum](/answers/topics/mem-cm-osd.html) ## Related articles From 920fb30784ef9c8e96016920f860822718380e8c Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 16:30:10 -0500 Subject: [PATCH 035/108] Metadata/style update deployment/vamt 2 --- .../volume-activation/install-vamt.md | 24 ++++---- .../volume-activation/introduction-vamt.md | 12 ++-- .../volume-activation/kms-activation-vamt.md | 45 ++++++++++----- .../local-reactivation-vamt.md | 40 +++++++++----- .../manage-activations-vamt.md | 7 +-- .../manage-product-keys-vamt.md | 10 ++-- .../volume-activation/manage-vamt-data.md | 5 +- .../monitor-activation-client.md | 40 +++++++------- .../online-activation-vamt.md | 38 ++++++++----- .../plan-for-volume-activation-client.md | 55 ++++++++++++------- 10 files changed, 165 insertions(+), 111 deletions(-) diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index 0aaeca24e5..8cb4d09f92 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -13,23 +13,26 @@ ms.technology: itpro-fundamentals # Install VAMT -This topic describes how to install the Volume Activation Management Tool (VAMT). +This article describes how to install the Volume Activation Management Tool (VAMT). -## Install VAMT +## Installing VAMT You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. >[!IMPORTANT] ->VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator. +>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator. >[!NOTE] ->The VAMT Microsoft Management Console snap-in ships as an x86 package. +>The VAMT Microsoft Management Console snap-in ships as an x86 package. ### Requirements - [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied + - Latest version of the [Windows 10 ADK](/windows-hardware/get-started/adk-install) + - Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) version, the latest is recommended + - Alternatively, any supported **full** SQL instance ### Install SQL Server Express / alternatively use any full SQL instance @@ -42,7 +45,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 4. Enter an install location or use the default path, and then select **Install**. -5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. +5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. ![In this example, the instance name is SQLEXPRESS01.](images/sql-instance.png) @@ -50,7 +53,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 1. Download the latest version of [Windows 10 ADK](/windows-hardware/get-started/adk-install). - If an older version is already installed, it is recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database. + If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database. 2. Enter an install location or use the default path, and then select **Next**. @@ -58,7 +61,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 4. Accept the license terms. -5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. (You can select additional features to install as well.) +5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well. 6. On the completion page, select **Close**. @@ -72,15 +75,10 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for For remote SQL Server, use `servername.yourdomain.com`. - - ## Uninstall VAMT To uninstall VAMT using the **Programs and Features** Control Panel: 1. Open **Control Panel** and select **Programs and Features**. -2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. - - - +2. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 3317cf1106..292a9965b1 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -18,7 +18,7 @@ The Volume Activation Management Tool (VAMT) enables network administrators and > [!NOTE] > VAMT can be installed on, and can manage, physical or virtual instances. VAMT can't detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. -## Managing MAK and retail activation +## Managing MAK and retail activation You can use a MAK or a retail product key to activate Windows, Windows Server, or Office on an individual computer or a group of computers. VAMT enables two different activation scenarios: @@ -26,23 +26,25 @@ You can use a MAK or a retail product key to activate Windows, Windows Server, o - **Proxy activation**: This activation method enables you to perform volume activation for products installed on client computers that don't have internet access. The VAMT host computer distributes a MAK, KMS host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs internet access. You can also activate products installed on computers in a workgroup that's isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the internet-connected VAMT host. -## Managing KMS activation +## Managing KMS activation In addition to MAK or retail activation, you can use VAMT to perform volume activation using the KMS. VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by volume license editions of Windows, Windows Server, and Office. VAMT treats a KMS host key (CSVLK) product key identically to a retail-type product key. The experience for product key entry and activation management are identical for both these product key types. -## Enterprise environment +## Enterprise environment VAMT is commonly implemented in enterprise environments. The following screenshot illustrates three common environments: core network, secure zone, and isolated lab. ![VAMT in the enterprise.](images/dep-win8-l-vamt-image001-enterprise.jpg) - In the core network environment, all computers are within a common network managed by Active Directory Domain Services (AD DS). + - The secure zone represents higher-security core network computers that have extra firewall protection. + - The isolated lab environment is a workgroup that is physically separate from the core network, and its computers don't have internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab. -## VAMT user interface +## VAMT user interface The following screenshot shows the VAMT graphical user interface: @@ -58,7 +60,7 @@ VAMT provides a single, graphical user interface for managing activations, and f - **Managing product keys**: You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs. -- **Managing activation data**: VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. +- **Managing activation data**: VAMT stores activation data in an SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. ## Next steps diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index b7e487c555..6cb46bb913 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -11,36 +11,53 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Perform KMS Activation +# Perform KMS activation The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. ## Requirements Before configuring KMS activation, ensure that your network and VAMT installation meet the following requirements: + - KMS host is set up and enabled. + - KMS clients can access the KMS host. + - VAMT is installed on a central computer with network access to all client computers. + - The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). -- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + +- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure client computers](configure-client-computers-vamt.md). ## To configure devices for KMS activation -**To configure devices for KMS activation** 1. Open VAMT. + 2. If necessary, set up the KMS activation preferences. If you don't need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. -3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + +3. To set up the preferences, on the menu bar select **View**, then select **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + 4. Under **Key Management Services host selection**, select one of the following options: - - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. - - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. - - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. -5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box. + + - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer, and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. + + - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer, and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. + + - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments that don't use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. + +5. Select **Apply**, and then select **OK** to close the **Volume Activation Management Tool Preferences** dialog box. + 6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**. -9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. -10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +7. Select **Filter**. VAMT displays the filtered list in the center pane. + +8. In the right-side pane, select **Activate** in the **Selected Items** menu, and then select **Volume activate**. + +9. Select a credential option. Choose **Alternate credentials** only if you're activating products that require administrator credentials different from the ones you're currently using. + +10. If you're supplying alternate credentials, at the prompt, type the appropriate user name and password and select **OK**. VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane. - diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index cbc033c0cf..e761c3c2f5 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Perform Local Reactivation +# Perform local reactivation If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer. Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key. @@ -19,26 +19,36 @@ Local reactivation relies upon data that was created during the initial proxy ac > [!NOTE] > During the initial proxy activation, the CID is bound to a digital "fingerprint", which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. -## To Perform a Local Reactivation +## To perform a local reactivation + +1. Open VAMT. Make sure that you're connected to the desired database. + +2. In the left-side pane, select the product you want to reactivate to display the products list. -**To perform a local reactivation** -1. Open VAMT. Make sure that you are connected to the desired database. -2. In the left-side pane, click the product you want to reactivate to display the products list. 3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**. -7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using. -8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. - + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. In the right-side pane, select **Activate**, and then select **Apply Confirmation ID**. + +7. Select a credential option. Choose **Alternate credentials** only if you're reactivating products that require administrator credentials different from the ones you're currently using. + +8. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name, and password and select **OK**. + VAMT displays the **Apply Confirmation ID** dialog box. -10. If you are using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID. -11. If you are activating a product that requires administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** check box. -12. Click **OK**. +9. If you're using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID. -## Related topics +10. If you're activating a product that requires administrator credentials different from the ones you're currently using, select the **Use Alternate Credentials** check box. + +11. Select **OK**. + +## Related article - [Manage Activations](manage-activations-vamt.md) diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index b7fda50fbf..80263f739c 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -17,14 +17,11 @@ This section describes how to activate a client computer, by using various activ ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. | |[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that don't have Internet access. | |[Perform KMS Activation](kms-activation-vamt.md) |Describes how to perform volume activation using the Key Management Service (KMS). | |[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. | |[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to activate an Active Directory forest, online. | |[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that isn't connected to the Internet. | - - - diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index e5354da617..423133a3b4 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -13,14 +13,12 @@ ms.technology: itpro-fundamentals # Manage Product Keys -This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database. +This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product, or products you select in the VAMT database. + ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Add and Remove a Product Key](add-remove-product-key-vamt.md) |Describes how to add a product key to the VAMT database. | |[Install a Product Key](install-product-key-vamt.md) |Describes how to install a product key for specific product. | |[Install a KMS Client Key](install-kms-client-key-vamt.md) |Describes how to install a GVLK (KMS client) key. | - - - diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index d4bbff284f..5d61f42b3b 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -16,7 +16,8 @@ ms.technology: itpro-fundamentals This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). ## In this Section -|Topic |Description | -|------|------------| + +|Article |Description | +|-------|------------| |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. | |[Use VAMT in Windows PowerShell](use-vamt-in-windows-powershell.md) |Describes how to access Windows PowerShell and how to import the VAMT PowerShell module. | diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index f1671b98f8..c5b52eb8b8 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -13,28 +13,30 @@ ms.technology: itpro-fundamentals # Monitor activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) You can monitor the success of the activation process for a computer running Windows in several ways. The most popular methods include: -- Using the Volume Licensing Service Center website to track use of MAK keys. -- Using the **Slmgr /dlv** command on a client computer or on the KMS host. (For a full list of options, see [Slmgr.vbs Options](/previous-versions//ff793433(v=technet.10)).) -- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it is available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.) -- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290). -- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager. -- See [Troubleshooting activation error codes](/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS). -- The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section. -## See also +- Using the Volume Licensing Service Center website to track use of MAK keys. + +- Using the `Slmgr /dlv` command on a client computer or on the KMS host. For a full list of options, see [Slmgr.vbs options](/previous-versions//ff793433(v=technet.10)). + +- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it's available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.) + +- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290). + +- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager. + +- See [Troubleshooting activation error codes](/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS). + +- The VAMT provides a single site from which to manage and monitor volume activations. This feature is explained in the next section. + +## Related articles [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index f277366807..4e3c76dae1 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -11,42 +11,54 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Perform Online Activation +# Perform online activation You can use the Volume Activation Management Tool (VAMT) to enable client products to be activated over the Internet. You can install the client products with any kind of product key that is eligible for online activation—Multiple Activation Key (MAK), retail, and Windows Key Management Services (KMS) host key. ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: + - VAMT is installed on a central computer that has network access to all client computers. + - Both the VAMT host and client computers have Internet access. + - The products that you want to activate are added to VAMT. + - VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking -**Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. +The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs. -## To Perform an Online Activation +## To perform an online activation -**To perform an online activation** 1. Open VAMT. + 2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + 5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. -7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + +6. Select **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane isn't displayed, select the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. + +7. Point to **Online activate**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + +8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. > [!NOTE] > Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. - + > [!NOTE] > You can use online activation to select products that have different key types and activate the products at the same time. -## Related topics -- [Manage Activations](manage-activations-vamt.md) +## Related articles + +- [Manage activations](manage-activations-vamt.md) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index 8708715c3f..e89a31bf6e 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -13,18 +13,13 @@ ms.technology: itpro-fundamentals # Plan for volume activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) *Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. @@ -50,7 +45,9 @@ OEM activation is valid as long as the customer uses the OEM-provided image on t ### Volume licensing Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: + - Have the license preinstalled through the OEM. + - Purchase a fully packaged retail product. The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. @@ -64,13 +61,19 @@ Volume licensing is also available through certain subscription or membership pr For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps. With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose: + - Online activation + - Telephone activation + - VAMT proxy activation Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: + - MAKs + - KMS + - Active Directory-based activation > [!NOTE] @@ -123,7 +126,7 @@ A typical core network that includes a KMS host is shown in Figure 1. In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. -**Isolated for security** +#### Isolated for security Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. @@ -139,11 +142,16 @@ If the network is fully isolated, MAK-independent activation would be the recomm **Figure 2**. New KMS host in an isolated network -**Branch offices and distant networks** +#### Branch offices and distant networks + From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: + - **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. + - **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. + - **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. + - **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. ### Disconnected computers @@ -166,7 +174,7 @@ Now it's time to assemble the pieces into a working solution. By evaluating your |Criterion |Activation method | |----------|------------------| |Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

**Note**
The core network must meet the KMS activation threshold. |KMS (central) | |Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | |Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | |Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | @@ -174,13 +182,15 @@ Now it's time to assemble the pieces into a working solution. By evaluating your |Number of computers in test and development labs that will not be activated |None| |Number of computers that do not have a retail volume license |Retail (online or phone) | |Number of computers that do not have an OEM volume license |OEM (at factory) | -|Total number of computer activations

Note
This total should match the total number of licensed computers in your organization. | +|Total number of computer activations

**Note**
This total should match the total number of licensed computers in your organization. | ## Choosing and acquiring keys When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways: + - Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. -- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). + +- Contact your [Microsoft activation center](https://go.microsoft.com/fwlink/p/?LinkId=618264). ### KMS host keys @@ -194,7 +204,7 @@ When you create installation media or images for client computers that will be a Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential. -Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). +Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS client setup keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). ### Multiple activation keys @@ -209,18 +219,25 @@ A single KMS host can support unlimited numbers of KMS clients, but Microsoft re The flow of KMS activation is shown in Figure 3, and it follows this sequence: 1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. + 2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. + 3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) + 4. A client configured with a GVLK uses DNS to locate the KMS host. + 5. The client sends one packet to the KMS host. + 6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. + 7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. + 8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. ![KMS activation flow.](../images/volumeactivationforwindows81-03.jpg) **Figure 3**. KMS activation flow -## See also +## Related articles + - [Volume Activation for Windows 10](volume-activation-windows-10.md) - From 424cc886c21fc165e4f65707eb95f6531c4b24d5 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 16:39:24 -0500 Subject: [PATCH 036/108] add more missing values to security3 --- .../hello-for-business/hello-hybrid-key-trust-devreg.md | 1 + .../hello-for-business/hello-hybrid-key-trust-dirsync.md | 1 + .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 1 + .../hello-for-business/hello-hybrid-key-trust.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-provision.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings-ad.md | 1 + .../hello-hybrid-key-whfb-settings-dir-sync.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings-policy.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings.md | 1 + .../hello-for-business/hello-identity-verification.md | 1 + .../hello-for-business/hello-key-trust-adfs.md | 1 + .../hello-for-business/hello-key-trust-policy-settings.md | 1 + .../hello-for-business/hello-key-trust-validate-ad-prereq.md | 1 + .../hello-for-business/hello-key-trust-validate-deploy-mfa.md | 1 + .../hello-for-business/hello-key-trust-validate-pki.md | 1 + .../hello-for-business/hello-manage-in-organization.md | 1 + .../identity-protection/hello-for-business/hello-overview.md | 1 + .../hello-for-business/hello-planning-guide.md | 1 + .../hello-for-business/hello-prepare-people-to-use.md | 1 + .../identity-protection/hello-for-business/hello-videos.md | 1 + .../hello-for-business/hello-why-pin-is-better-than-password.md | 1 + .../hello-for-business/microsoft-compatible-security-key.md | 1 + .../hello-for-business/passwordless-strategy.md | 1 + .../identity-protection/hello-for-business/reset-security-key.md | 1 + .../hello-for-business/retired/hello-how-it-works.md | 1 + .../identity-protection/hello-for-business/webauthn-apis.md | 1 + windows/security/identity-protection/index.md | 1 + windows/security/identity-protection/password-support-policy.md | 1 + windows/security/identity-protection/remote-credential-guard.md | 1 + .../smart-cards/smart-card-and-remote-desktop-services.md | 1 + .../identity-protection/smart-cards/smart-card-architecture.md | 1 + .../smart-cards/smart-card-certificate-propagation-service.md | 1 + .../smart-card-certificate-requirements-and-enumeration.md | 1 + .../smart-cards/smart-card-debugging-information.md | 1 + .../identity-protection/smart-cards/smart-card-events.md | 1 + .../smart-cards/smart-card-group-policy-and-registry-settings.md | 1 + .../smart-card-how-smart-card-sign-in-works-in-windows.md | 1 + .../smart-cards/smart-card-removal-policy-service.md | 1 + .../smart-cards/smart-card-smart-cards-for-windows-service.md | 1 + .../smart-cards/smart-card-tools-and-settings.md | 1 + .../smart-card-windows-smart-card-technical-reference.md | 1 + .../user-account-control/how-user-account-control-works.md | 1 + ...ser-account-control-group-policy-and-registry-key-settings.md | 1 + .../user-account-control/user-account-control-overview.md | 1 + .../user-account-control-security-policy-settings.md | 1 + .../virtual-smart-card-deploy-virtual-smart-cards.md | 1 + .../virtual-smart-cards/virtual-smart-card-evaluate-security.md | 1 + .../virtual-smart-cards/virtual-smart-card-get-started.md | 1 + .../virtual-smart-cards/virtual-smart-card-overview.md | 1 + .../virtual-smart-cards/virtual-smart-card-tpmvscmgr.md | 1 + .../virtual-smart-card-understanding-and-evaluating.md | 1 + .../virtual-smart-card-use-virtual-smart-cards.md | 1 + ...nfigure-diffie-hellman-protocol-over-ikev2-vpn-connections.md | 1 + ...w-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 1 + windows/security/identity-protection/vpn/vpn-authentication.md | 1 + .../security/identity-protection/vpn/vpn-auto-trigger-profile.md | 1 + .../security/identity-protection/vpn/vpn-conditional-access.md | 1 + windows/security/identity-protection/vpn/vpn-connection-type.md | 1 + windows/security/identity-protection/vpn/vpn-guide.md | 1 + windows/security/identity-protection/vpn/vpn-name-resolution.md | 1 + .../identity-protection/vpn/vpn-office-365-optimization.md | 1 + windows/security/identity-protection/vpn/vpn-profile-options.md | 1 + windows/security/identity-protection/vpn/vpn-routing.md | 1 + 64 files changed, 64 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index fd9fad17ad..60421b9698 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 58389706ba..883e949f0a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 7e0ee11ade..a91f625b7b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -14,6 +14,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 139b688429..addf5f5a20 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Hybrid Azure AD joined Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 7e8b605a06..85b0134eed 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning ## Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 82635e9dc7..eefcf80dae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 +ms.technology: itpro-security --- # Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory appliesto: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 450505d7d9..4a6cacda34 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index f7988f68c5..899024b5f2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 7efeafa243..c014de2fb4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 7ab9f2066d..48fe302c63 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index acc55181b3..1b10ff4e76 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: article localizationpriority: medium ms.date: 2/15/2022 +ms.technology: itpro-security --- # Windows Hello for Business Deployment Prerequisite Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index bba82b4054..7bcdb76263 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index b5cae63015..f53e797115 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Windows Hello for Business Policy settings - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 52f79740bf..a7cf2a4367 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Validate Active Directory prerequisites - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index f2b2ad6a0c..42ee5bdd01 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Validate and Deploy Multifactor Authentication (MFA) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 4e174f4e5d..97af709387 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Validate and Configure Public Key Infrastructure - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 040e423688..ef4ec913e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -15,6 +15,7 @@ ms.date: 2/15/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Manage Windows Hello for Business in your organization diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 7a7fb4b8fe..eb85e9ca3b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 - ✅ Windows Holographic for Business +ms.technology: itpro-security --- # Windows Hello for Business Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index a47024a34d..36ba184666 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -14,6 +14,7 @@ ms.date: 09/16/2020 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Planning a Windows Hello for Business Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 4a53de6f97..78291dadbd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -13,6 +13,7 @@ ms.date: 08/19/2018 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Prepare people to use Windows Hello diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 0cc2a08540..3a99c148bd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -13,6 +13,7 @@ ms.date: 07/26/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Windows Hello for Business Videos ## Overview of Windows Hello for Business and Features diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index d7dd7adec6..b6e68de3cc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -15,6 +15,7 @@ ms.date: 10/23/2017 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Why a PIN is better than an online password diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index db16a0bdac..01125209e2 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 11/14/2018 +ms.technology: itpro-security --- # What is a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 6da7cc1034..5c2b1147af 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -13,6 +13,7 @@ ms.date: 05/24/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Password-less strategy diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index ecddd67b7f..bf8a6a57bf 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 11/14/2018 +ms.technology: itpro-security --- # How to reset a Microsoft-compatible security key? > [!Warning] diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 21756b8260..4653d23331 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -11,6 +11,7 @@ ms.topic: article appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # How Windows Hello for Business works in Windows devices diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md index 9d8fa5c21b..afac158d28 100644 --- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md +++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md @@ -13,6 +13,7 @@ ms.date: 09/15/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # WebAuthn APIs for passwordless authentication on Windows diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index cf8573f679..efab24f84a 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -12,6 +12,7 @@ ms.date: 02/05/2018 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Identity and access management diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md index 5b65618db7..fe76412c23 100644 --- a/windows/security/identity-protection/password-support-policy.md +++ b/windows/security/identity-protection/password-support-policy.md @@ -11,6 +11,7 @@ author: paolomatarazzo ms.author: paoloma manager: aaroncz ms.date: 11/20/2019 +ms.technology: itpro-security --- # Technical support policy for lost or forgotten passwords diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index 81ceb05cfd..943feee191 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -14,6 +14,7 @@ ms.date: 01/12/2018 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Protect Remote Desktop credentials with Windows Defender Remote Credential Guard diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index 45274c687c..94d820ba53 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card and Remote Desktop Services diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 7277b044d4..8fdd044d15 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Architecture diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 00b2152267..664a098b48 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Certificate Propagation Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index 5707ce0650..eafc1a53ec 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Certificate Requirements and Enumeration diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 7604db531a..041be309ae 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Troubleshooting diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index fd2d69b73f..82b2141687 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Events diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index c32bc12fe2..9ba33317ac 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Group Policy and Registry Settings diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index 7faa54e44a..75800f2ed8 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -17,6 +17,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # How Smart Card Sign-in Works in Windows diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index bd2846b176..1dde909358 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Removal Policy Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index af5b9e8bb6..60ec54e817 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Cards for Windows Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index 106071d129..fe25ba9e7c 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Tools and Settings diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index f1676735c7..073e9fb3e9 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Technical Reference diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index 49a56c854a..9736d287a0 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # How User Account Control works diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 540e4342f1..aeae137539 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control Group Policy and registry key settings diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 39dfcbd0bc..1e1fb5f9a7 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 040697c29c..2b860883d7 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -17,6 +17,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control security policy settings diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 0f5fef56ab..7154750f0b 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Deploy Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index f5ce64521a..8aff0f477f 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Evaluate Virtual Smart Card Security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index ab366df26d..3dbfc81372 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Get Started with Virtual Smart Cards: Walkthrough Guide diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index acb3e89bb3..361c943258 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -12,6 +12,7 @@ ms.date: 10/13/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Virtual Smart Card Overview diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 45e7c18037..c4bbcf77bd 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Tpmvscmgr diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index 6b9c28ede3..7145692213 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Understanding and Evaluating Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 713f1ab1f6..c8e7f675e5 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -12,6 +12,7 @@ ms.date: 10/13/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Use Virtual Smart Cards diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 863eec92a6..5ca81d5c91 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # How to configure Diffie Hellman protocol over IKEv2 VPN connections diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index d7cefe3eee..4b167fab27 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -10,6 +10,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 508f1851bc..fa541c4f87 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN authentication options diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 84b2d6c66b..e7e1f831ab 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN auto-triggered profile options diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 2589095203..5d7a695376 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -11,6 +11,7 @@ ms.date: 09/23/2021 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN and conditional access diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 473b6fede7..c3b4995351 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN connection types diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 54ef63f227..40331b878d 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Windows VPN technical guide diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index cc0d1c17d1..61fccf4518 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN name resolution diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md index 3512900011..6e45c35a7e 100644 --- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md +++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md @@ -12,6 +12,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index ca5caf8f25..ebd414e637 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -11,6 +11,7 @@ ms.date: 05/17/2018 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN profile options diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index 8a4d2a49b8..195202fe24 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN routing decisions From a9f6881484a6dd188a8fbd3ce55dd8411d1b4a01 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 16:54:26 -0500 Subject: [PATCH 037/108] add missing values --- .../security/identity-protection/vpn/vpn-security-features.md | 1 + .../windows-credential-theft-mitigation-guide-abstract.md | 1 + .../bitlocker/bcd-settings-and-bitlocker.md | 1 + .../bitlocker/bitlocker-basic-deployment.md | 1 + .../bitlocker/bitlocker-countermeasures.md | 1 + .../bitlocker/bitlocker-deployment-comparison.md | 1 + .../bitlocker/bitlocker-device-encryption-overview-windows-10.md | 1 + .../bitlocker/bitlocker-group-policy-settings.md | 1 + .../bitlocker/bitlocker-how-to-deploy-on-windows-server.md | 1 + .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 1 + .../bitlocker/bitlocker-management-for-enterprises.md | 1 + .../information-protection/bitlocker/bitlocker-overview.md | 1 + .../bitlocker/bitlocker-recovery-loop-break.md | 1 + ...r-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md | 1 + .../bitlocker-use-bitlocker-recovery-password-viewer.md | 1 + ...pare-your-organization-for-bitlocker-planning-and-policies.md | 1 + ...er-shared-volumes-and-storage-area-networks-with-bitlocker.md | 1 + windows/security/information-protection/encrypted-hard-drive.md | 1 + windows/security/information-protection/index.md | 1 + .../kernel-dma-protection-for-thunderbolt.md | 1 + .../pluton/microsoft-pluton-security-processor.md | 1 + windows/security/information-protection/pluton/pluton-as-tpm.md | 1 + .../information-protection/secure-the-windows-10-boot-process.md | 1 + .../tpm/backup-tpm-recovery-information-to-ad-ds.md | 1 + .../information-protection/tpm/change-the-tpm-owner-password.md | 1 + .../information-protection/tpm/how-windows-uses-the-tpm.md | 1 + .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 1 + .../security/information-protection/tpm/manage-tpm-commands.md | 1 + .../security/information-protection/tpm/manage-tpm-lockout.md | 1 + .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 1 + windows/security/information-protection/tpm/tpm-fundamentals.md | 1 + .../security/information-protection/tpm/tpm-recommendations.md | 1 + .../tpm/trusted-platform-module-overview.md | 1 + .../trusted-platform-module-services-group-policy-settings.md | 1 + .../tpm/trusted-platform-module-top-node.md | 1 + .../windows-information-protection/app-behavior-with-wip.md | 1 + .../collect-wip-audit-event-logs.md | 1 + .../create-and-verify-an-efs-dra-certificate.md | 1 + .../create-vpn-and-wip-policy-using-intune-azure.md | 1 + .../create-wip-policy-using-configmgr.md | 1 + .../create-wip-policy-using-intune-azure.md | 1 + .../deploy-wip-policy-using-intune-azure.md | 1 + .../enlightened-microsoft-apps-and-wip.md | 1 + .../guidance-and-best-practices-wip.md | 1 + .../windows-information-protection/how-to-disable-wip.md | 1 + .../windows-information-protection/limitations-with-wip.md | 1 + .../windows-information-protection/mandatory-settings-for-wip.md | 1 + .../overview-create-wip-policy-configmgr.md | 1 + .../windows-information-protection/overview-create-wip-policy.md | 1 + .../protect-enterprise-data-using-wip.md | 1 + .../recommended-network-definitions-for-wip.md | 1 + .../windows-information-protection/testing-scenarios-for-wip.md | 1 + .../windows-information-protection/using-owa-with-wip.md | 1 + .../windows-information-protection/wip-app-enterprise-context.md | 1 + .../windows-information-protection/wip-learning.md | 1 + 55 files changed, 55 insertions(+) diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 852ee0c9d5..d21e11182a 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN security features diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 1e475ba610..9b7bb26672 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Windows Credential Theft Mitigation Guide Abstract diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 4a3b3e57ca..a2bd69a418 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -11,6 +11,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Boot Configuration Data settings and BitLocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 76f08567b4..9e61120973 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker basic deployment diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 857466fec6..e515250330 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker Countermeasures diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md index 58f168e9a7..50fa530e4f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/20/2021 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker deployment comparison diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 9ee83c9b95..314bdaff4d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 03/10/2022 ms.custom: bitlocker +ms.technology: itpro-security --- # Overview of BitLocker Device Encryption in Windows diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 8f2e37d39f..2294d0cd3e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 04/17/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker group policy settings diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 17dd8a1f09..531619802d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -11,6 +11,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: How to deploy on Windows Server 2012 and later diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 4face62ddf..0865f08910 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: How to enable network unlock diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index cc4705af8e..55b4f6d837 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -11,6 +11,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker management for enterprises diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 8d83958580..10c1086676 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 01/26/2018 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 62c8fe56d0..30291fe4c7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 10/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Breaking out of a BitLocker recovery loop diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index c276611731..8dd862bb76 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 56d645428f..5d93cacbd9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: Use BitLocker Recovery Password Viewer diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 079b849ca8..054be23605 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 04/24/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Prepare your organization for BitLocker: Planning and policies diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 803ad864c1..e8b8312363 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -11,6 +11,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Protecting cluster shared volumes and storage area networks with BitLocker diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 33e815d670..96c61886e5 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -7,6 +7,7 @@ ms.author: dansimp ms.prod: windows-client author: dulcemontemayor ms.date: 04/02/2019 +ms.technology: itpro-security --- # Encrypted Hard Drive diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index c95e39d0c0..39c23c342b 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md @@ -8,6 +8,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/10/2018 +ms.technology: itpro-security --- # Information protection diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 147e0ad051..63520fd7a9 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -10,6 +10,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 03/26/2019 +ms.technology: itpro-security --- # Kernel DMA Protection diff --git a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md index 3939be9c9d..b80634992b 100644 --- a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md +++ b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md @@ -13,6 +13,7 @@ ms.topic: conceptual ms.date: 09/15/2022 appliesto: - ✅ Windows 11, version 22H2 +ms.technology: itpro-security --- # Microsoft Pluton security processor diff --git a/windows/security/information-protection/pluton/pluton-as-tpm.md b/windows/security/information-protection/pluton/pluton-as-tpm.md index 2eba011694..17a05782e9 100644 --- a/windows/security/information-protection/pluton/pluton-as-tpm.md +++ b/windows/security/information-protection/pluton/pluton-as-tpm.md @@ -13,6 +13,7 @@ ms.topic: conceptual ms.date: 09/15/2022 appliesto: - ✅ Windows 11, version 22H2 +ms.technology: itpro-security --- # Microsoft Pluton as Trusted Platform Module diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index fec7e2f25b..95230d2990 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -11,6 +11,7 @@ ms.collection: ms.topic: conceptual ms.date: 05/12/2022 ms.author: dansimp +ms.technology: itpro-security --- # Secure the Windows boot process diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 88de60b907..5122a7ca67 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 +ms.technology: itpro-security --- # Back up the TPM recovery information to AD DS diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 16f70af2df..5dd050c200 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/18/2022 +ms.technology: itpro-security --- # Change the TPM owner password diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 8dac1018ca..bd02dc2445 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -11,6 +11,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 +ms.technology: itpro-security --- # How Windows uses the Trusted Platform Module diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index f0ed4e0e7e..77acd1c9f9 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -11,6 +11,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Troubleshoot the TPM diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index fabbf667ac..4dae6be6e1 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -9,6 +9,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Manage TPM commands diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index ab7e5f71c9..90cfc7c9ac 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Manage TPM lockout diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 81449edff3..4abbc40f2d 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Understanding PCR banks on TPM 2.0 devices diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 84966ce948..4b69fd9484 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 12/27/2021 +ms.technology: itpro-security --- # TPM fundamentals diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 816f36c806..4cdc7ef9f0 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -12,6 +12,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # TPM recommendations diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 8a21a83f1c..06be1d344b 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -12,6 +12,7 @@ ms.collection: - highpri ms.topic: conceptual adobe-target: true +ms.technology: itpro-security --- # Trusted Platform Module Technology Overview diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index d81a34cdbe..a9ccf2a714 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # TPM Group Policy settings diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index dc338ea85c..59a276f5ee 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -11,6 +11,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Trusted Platform Module diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 16301e0592..687a9b8a7e 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 19987b59ef..0949bc418e 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # How to collect Windows Information Protection (WIP) audit event logs diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 452dcc0cac..76c6da850e 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -10,6 +10,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 84d2cbd34e..b7624b94f7 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index a5f4831ea5..f4c9cd0e4a 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -10,6 +10,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create and deploy a Windows Information Protection policy in Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 55a76f28af..1294e3f168 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -9,6 +9,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create a Windows Information Protection policy in Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 9a285c4817..6578e9bc6c 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 ms.reviewer: +ms.technology: itpro-security --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 7960ef2c04..6cea050345 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/02/2019 +ms.technology: itpro-security --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index 3c84852f67..6f758d95da 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- # General guidance and best practices for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md index a37766ca18..8356183a84 100644 --- a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md +++ b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md @@ -9,6 +9,7 @@ author: lizgt2000 ms.author: lizlong ms.reviewer: aaroncz manager: dougeby +ms.technology: itpro-security --- # How to disable Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 1679964f76..de06121632 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/05/2019 ms.localizationpriority: medium +ms.technology: itpro-security --- # Limitations while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 1bb878384d..9f086b7f07 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/25/2022 ms.reviewer: +ms.technology: itpro-security --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md index e2f1e9a416..076aac8eaf 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- # Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 6a28d6795c..49798db25b 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/11/2019 +ms.technology: itpro-security --- # Create a Windows Information Protection (WIP) policy using Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index f73f212820..9992aec7b6 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -11,6 +11,7 @@ ms.collection: - M365-security-compliance ms.topic: overview ms.date: 07/15/2022 +ms.technology: itpro-security --- # Protect your enterprise data using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index cf10227eb8..fef7dcfa1e 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/25/2019 ms.reviewer: +ms.technology: itpro-security --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 7115c88cc2..35d93c25c4 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 +ms.technology: itpro-security --- # Testing scenarios for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index bff685e23b..5f413c3657 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index 554b5b2662..37cf054aa4 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index f5d1914f60..8f15eb8d9c 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -10,6 +10,7 @@ manager: dougeby ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- # Fine-tune Windows Information Protection (WIP) with WIP Learning From c2739595f617e1c0afc1d0030d673c400709fa1e Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:04:52 -0500 Subject: [PATCH 038/108] add missing to security5 --- windows/security/threat-protection/auditing/event-4774.md | 2 +- windows/security/threat-protection/auditing/event-5059.md | 4 ++-- windows/security/threat-protection/auditing/event-5060.md | 4 ++-- windows/security/threat-protection/auditing/event-5061.md | 4 ++-- windows/security/threat-protection/auditing/event-5062.md | 4 ++-- windows/security/threat-protection/auditing/event-5063.md | 4 ++-- windows/security/threat-protection/auditing/event-5064.md | 4 ++-- windows/security/threat-protection/auditing/event-5065.md | 4 ++-- windows/security/threat-protection/auditing/event-5066.md | 4 ++-- windows/security/threat-protection/auditing/event-5067.md | 4 ++-- windows/security/threat-protection/auditing/event-5068.md | 4 ++-- windows/security/threat-protection/auditing/event-5069.md | 4 ++-- windows/security/threat-protection/auditing/event-5070.md | 4 ++-- windows/security/threat-protection/auditing/event-5136.md | 4 ++-- windows/security/threat-protection/auditing/event-5137.md | 4 ++-- windows/security/threat-protection/auditing/event-5138.md | 4 ++-- windows/security/threat-protection/auditing/event-5139.md | 4 ++-- windows/security/threat-protection/auditing/event-5140.md | 4 ++-- windows/security/threat-protection/auditing/event-5141.md | 4 ++-- windows/security/threat-protection/auditing/event-5142.md | 4 ++-- windows/security/threat-protection/auditing/event-5143.md | 4 ++-- windows/security/threat-protection/auditing/event-5144.md | 4 ++-- windows/security/threat-protection/auditing/event-5145.md | 4 ++-- windows/security/threat-protection/auditing/event-5148.md | 4 ++-- windows/security/threat-protection/auditing/event-5149.md | 4 ++-- windows/security/threat-protection/auditing/event-5150.md | 4 ++-- windows/security/threat-protection/auditing/event-5151.md | 4 ++-- windows/security/threat-protection/auditing/event-5152.md | 4 ++-- windows/security/threat-protection/auditing/event-5153.md | 4 ++-- windows/security/threat-protection/auditing/event-5154.md | 4 ++-- windows/security/threat-protection/auditing/event-5155.md | 4 ++-- windows/security/threat-protection/auditing/event-5156.md | 4 ++-- windows/security/threat-protection/auditing/event-5157.md | 4 ++-- windows/security/threat-protection/auditing/event-5158.md | 4 ++-- windows/security/threat-protection/auditing/event-5159.md | 4 ++-- windows/security/threat-protection/auditing/event-5168.md | 4 ++-- windows/security/threat-protection/auditing/event-5376.md | 4 ++-- windows/security/threat-protection/auditing/event-5377.md | 4 ++-- windows/security/threat-protection/auditing/event-5378.md | 4 ++-- windows/security/threat-protection/auditing/event-5447.md | 4 ++-- windows/security/threat-protection/auditing/event-5632.md | 6 +++--- windows/security/threat-protection/auditing/event-5633.md | 4 ++-- windows/security/threat-protection/auditing/event-5712.md | 4 ++-- windows/security/threat-protection/auditing/event-5888.md | 4 ++-- windows/security/threat-protection/auditing/event-5889.md | 4 ++-- windows/security/threat-protection/auditing/event-5890.md | 4 ++-- windows/security/threat-protection/auditing/event-6144.md | 4 ++-- windows/security/threat-protection/auditing/event-6145.md | 4 ++-- windows/security/threat-protection/auditing/event-6281.md | 4 ++-- windows/security/threat-protection/auditing/event-6400.md | 4 ++-- windows/security/threat-protection/auditing/event-6401.md | 4 ++-- windows/security/threat-protection/auditing/event-6402.md | 4 ++-- windows/security/threat-protection/auditing/event-6403.md | 4 ++-- windows/security/threat-protection/auditing/event-6404.md | 4 ++-- windows/security/threat-protection/auditing/event-6405.md | 4 ++-- windows/security/threat-protection/auditing/event-6406.md | 4 ++-- .../block-untrusted-fonts-in-enterprise.md | 4 ++-- windows/security/threat-protection/fips-140-validation.md | 4 ++-- .../threat-protection/get-support-for-security-baselines.md | 4 ++-- windows/security/threat-protection/index.md | 4 ++-- .../security/threat-protection/mbsa-removal-and-guidance.md | 4 ++-- .../threat-protection/msft-security-dev-lifecycle.md | 4 ++-- ...-mitigation-options-for-app-related-security-policies.md | 4 ++-- .../overview-of-threat-mitigations-in-windows-10.md | 4 ++-- ...by-controlling-the-health-of-windows-10-based-devices.md | 6 +++--- 65 files changed, 131 insertions(+), 131 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 2301e2110f..4cf831e05b 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/07/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 6c069ab814..26cd95b0d4 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -2,7 +2,7 @@ title: 5059(S, F) Key migration operation. (Windows 10) description: Describes security event 5059(S, F) Key migration operation. This event is generated when a cryptographic key is exported/imported using a Key Storage Provider. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5059(S, F): Key migration operation. diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 00c3fc26b4..1a65f76633 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -2,7 +2,7 @@ title: 5060(F) Verification operation failed. (Windows 10) description: Describes security event 5060(F) Verification operation failed. This event is generated when the CNG verification operation fails. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5060(F): Verification operation failed. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 2b6cc4b64c..d47254485f 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -2,7 +2,7 @@ title: 5061(S, F) Cryptographic operation. (Windows 10) description: Describes security event 5061(S, F) Cryptographic operation. This event is generated when a cryptographic operation is performed using a Key Storage Provider. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5061(S, F): Cryptographic operation. diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index b038353b7d..08b0f7bce0 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -2,7 +2,7 @@ title: 5062(S) A kernel-mode cryptographic self-test was performed. (Windows 10) description: Describes security event 5062(S) A kernel-mode cryptographic self-test was performed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5062(S): A kernel-mode cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index 52e68d3dbd..784019bc18 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -2,7 +2,7 @@ title: 5063(S, F) A cryptographic provider operation was attempted. (Windows 10) description: Describes security event 5063(S, F) A cryptographic provider operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5063(S, F): A cryptographic provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 9dd6ca5e47..807d3ee45d 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -2,7 +2,7 @@ title: 5064(S, F) A cryptographic context operation was attempted. (Windows 10) description: Describes security event 5064(S, F) A cryptographic context operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5064(S, F): A cryptographic context operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 46772ff759..3e978d64a3 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -2,7 +2,7 @@ title: 5065(S, F) A cryptographic context modification was attempted. (Windows 10) description: Describes security event 5065(S, F) A cryptographic context modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5065(S, F): A cryptographic context modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index 1a4dd7ae96..e834a9e584 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -2,7 +2,7 @@ title: 5066(S, F) A cryptographic function operation was attempted. (Windows 10) description: Describes security event 5066(S, F) A cryptographic function operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5066(S, F): A cryptographic function operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 01b6ce22cb..5aa395a688 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -2,7 +2,7 @@ title: 5067(S, F) A cryptographic function modification was attempted. (Windows 10) description: Describes security event 5067(S, F) A cryptographic function modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5067(S, F): A cryptographic function modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index c365519a4c..814ea02d50 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -2,7 +2,7 @@ title: 5068(S, F) A cryptographic function provider operation was attempted. (Windows 10) description: Describes security event 5068(S, F) A cryptographic function provider operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5068(S, F): A cryptographic function provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 68a9da47b3..b8d6466c09 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -2,7 +2,7 @@ title: 5069(S, F) A cryptographic function property operation was attempted. (Windows 10) description: Describes security event 5069(S, F) A cryptographic function property operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5069(S, F): A cryptographic function property operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index 85ccd666f0..1232c68bd4 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -2,7 +2,7 @@ title: 5070(S, F) A cryptographic function property modification was attempted. (Windows 10) description: Describes security event 5070(S, F) A cryptographic function property modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5070(S, F): A cryptographic function property modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index d58033c0a7..97f862f3a6 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -2,7 +2,7 @@ title: 5136(S) A directory service object was modified. (Windows 10) description: Describes security event 5136(S) A directory service object was modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5136(S): A directory service object was modified. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index a0d084c4f8..072f6dede2 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -2,7 +2,7 @@ title: 5137(S) A directory service object was created. (Windows 10) description: Describes security event 5137(S) A directory service object was created. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5137(S): A directory service object was created. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index abb03c8027..5fcb9a3381 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -2,7 +2,7 @@ title: 5138(S) A directory service object was undeleted. (Windows 10) description: Describes security event 5138(S) A directory service object was undeleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5138(S): A directory service object was undeleted. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index ca0b1825f9..e89fd1eb91 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -2,7 +2,7 @@ title: 5139(S) A directory service object was moved. (Windows 10) description: Describes security event 5139(S) A directory service object was moved. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5139(S): A directory service object was moved. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index ea890e4738..5d72bf2c8c 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -2,7 +2,7 @@ title: 5140(S, F) A network share object was accessed. (Windows 10) description: Describes security event 5140(S, F) A network share object was accessed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5140(S, F): A network share object was accessed. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index fbc9435158..d7ba9c67d4 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -2,7 +2,7 @@ title: 5141(S) A directory service object was deleted. (Windows 10) description: Describes security event 5141(S) A directory service object was deleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5141(S): A directory service object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index 74e31d363f..6930a066d4 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -2,7 +2,7 @@ title: 5142(S) A network share object was added. (Windows 10) description: Describes security event 5142(S) A network share object was added. This event is generated when a network share object is added. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5142(S): A network share object was added. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index e485322da4..ccfe6641b0 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -2,7 +2,7 @@ title: 5143(S) A network share object was modified. (Windows 10) description: Describes security event 5143(S) A network share object was modified. This event is generated when a network share object is modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5143(S): A network share object was modified. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 50f697a96f..69aa754e48 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -2,7 +2,7 @@ title: 5144(S) A network share object was deleted. (Windows 10) description: Describes security event 5144(S) A network share object was deleted. This event is generated when a network share object is deleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5144(S): A network share object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 782cdb4911..8f47f2b4d1 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -2,7 +2,7 @@ title: 5145(S, F) A network share object was checked to see whether client can be granted desired access. (Windows 10) description: Describes security event 5145(S, F) A network share object was checked to see whether client can be granted desired access. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5145(S, F): A network share object was checked to see whether client can be granted desired access. diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 109b4da544..bb9ab2267c 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -2,7 +2,7 @@ title: 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. (Windows 10) description: Details on Security event 5148(F), The Windows Filtering Platform has detected a DoS attack and entered a defensive mode. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index b94279645b..0e4b73fcde 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -2,7 +2,7 @@ title: 5149(F) The DoS attack has subsided and normal processing is being resumed. (Windows 10) description: Describes security event 5149(F) The DoS attack has subsided and normal processing is being resumed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 23c35f76d7..f1310cde61 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -2,7 +2,7 @@ title: 5150(-) The Windows Filtering Platform blocked a packet. (Windows 10) description: Describes security event 5150(-) The Windows Filtering Platform blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 239d0556a2..bf55e6a6eb 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -2,7 +2,7 @@ title: 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10) description: Describes security event 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 7fd8072d96..27438881cb 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -2,7 +2,7 @@ title: 5152(F) The Windows Filtering Platform blocked a packet. (Windows 10) description: Describes security event 5152(F) The Windows Filtering Platform blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index 355b963812..f7a61cc8fe 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -2,7 +2,7 @@ title: 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10) description: Describes security event 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 4ada326421..2002fbb907 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -2,7 +2,7 @@ title: 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. (Windows 10) description: Describes security event 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index b24e159daf..94377b1098 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -2,7 +2,7 @@ title: 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. (Windows 10) description: Describes security event 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index a22acae52c..fbe87f79bc 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -2,7 +2,7 @@ title: 5156(S) The Windows Filtering Platform has permitted a connection. (Windows 10) description: Describes security event 5156(S) The Windows Filtering Platform has permitted a connection. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index c555d5aa36..6967921a48 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -2,7 +2,7 @@ title: 5157(F) The Windows Filtering Platform has blocked a connection. (Windows 10) description: Describes security event 5157(F) The Windows Filtering Platform has blocked a connection. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index 1255e8d0bb..af16821b1f 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -2,7 +2,7 @@ title: 5158(S) The Windows Filtering Platform has permitted a bind to a local port. (Windows 10) description: Describes security event 5158(S) The Windows Filtering Platform has permitted a bind to a local port. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index bbd1141c71..5ecd816d89 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -2,7 +2,7 @@ title: 5159(F) The Windows Filtering Platform has blocked a bind to a local port. (Windows 10) description: Describes security event 5159(F) The Windows Filtering Platform has blocked a bind to a local port. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 1b97127e7f..3b59d54629 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -2,7 +2,7 @@ title: 5168(F) SPN check for SMB/SMB2 failed. (Windows 10) description: Describes security event 5168(F) SPN check for SMB/SMB2 failed. This event is generated when an SMB SPN check fails. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5168(F): SPN check for SMB/SMB2 failed. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index eaa77a9e64..3145af538e 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -2,7 +2,7 @@ title: 5376(S) Credential Manager credentials were backed up. (Windows 10) description: Describes security event 5376(S) Credential Manager credentials were backed up. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5376(S): Credential Manager credentials were backed up. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index fd9c84db3a..a60bd13f29 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -2,7 +2,7 @@ title: 5377(S) Credential Manager credentials were restored from a backup. (Windows 10) description: Describes security event 5377(S) Credential Manager credentials were restored from a backup. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5377(S): Credential Manager credentials were restored from a backup. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index d25246b249..64f48471be 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -2,7 +2,7 @@ title: 5378(F) The requested credentials delegation was disallowed by policy. (Windows 10) description: Describes security event 5378(F) The requested credentials delegation was disallowed by policy. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5378(F): The requested credentials delegation was disallowed by policy. diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index 801d206b0b..732d1ae81e 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -2,7 +2,7 @@ title: 5447(S) A Windows Filtering Platform filter has been changed. (Windows 10) description: Describes security event 5447(S) A Windows Filtering Platform filter has been changed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5447(S): A Windows Filtering Platform filter has been changed. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index 26c41df186..b5af7f21a3 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -2,16 +2,16 @@ title: 5632(S, F) A request was made to authenticate to a wireless network. (Windows 10) description: Describes security event 5632(S, F) A request was made to authenticate to a wireless network. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/08/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5632(S, F): A request was made to authenticate to a wireless network. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index e0591f9a05..1583b0b945 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -2,7 +2,7 @@ title: 5633(S, F) A request was made to authenticate to a wired network. (Windows 10) description: Describes security event 5633(S, F) A request was made to authenticate to a wired network. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5633(S, F): A request was made to authenticate to a wired network. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index dbafd70da3..d0dc85fe45 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -2,7 +2,7 @@ title: 5712(S) A Remote Procedure Call (RPC) was attempted. (Windows 10) description: Describes security event 5712(S) A Remote Procedure Call (RPC) was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 0ac72b6488..5c45a9698a 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -2,7 +2,7 @@ title: 5888(S) An object in the COM+ Catalog was modified. (Windows 10) description: Describes security event 5888(S) An object in the COM+ Catalog was modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5888(S): An object in the COM+ Catalog was modified. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index 821162c968..3b60e803d9 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -2,7 +2,7 @@ title: 5889(S) An object was deleted from the COM+ Catalog. (Windows 10) description: Describes security event 5889(S) An object was deleted from the COM+ Catalog. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5889(S): An object was deleted from the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index a59fadc788..09c79bee05 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -2,7 +2,7 @@ title: 5890(S) An object was added to the COM+ Catalog. (Windows 10) description: Describes security event 5890(S) An object was added to the COM+ Catalog. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5890(S): An object was added to the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 959f1b969c..dfad64c1da 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -2,7 +2,7 @@ title: 6144(S) Security policy in the group policy objects has been applied successfully. (Windows 10) description: Describes security event 6144(S) Security policy in the group policy objects has been applied successfully. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6144(S): Security policy in the group policy objects has been applied successfully. diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index 266a490fdd..60ed2e8ad8 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -2,7 +2,7 @@ title: 6145(F) One or more errors occurred while processing security policy in the group policy objects. (Windows 10) description: Describes security event 6145(F) One or more errors occurred while processing security policy in the group policy objects. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6145(F): One or more errors occurred while processing security policy in the group policy objects. diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index d6701e243e..76f546a222 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -2,7 +2,7 @@ title: 6281(F) Code Integrity determined that the page hashes of an image file aren't valid. (Windows 10) description: Describes security event 6281(F) Code Integrity determined that the page hashes of an image file aren't valid. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6281(F): Code Integrity determined that the page hashes of an image file aren't valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index f3cc62235d..d8bcc6f1c7 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -2,7 +2,7 @@ title: 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. (Windows 10) description: Describes security event 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index cdd2869db5..3e60d3515a 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -2,7 +2,7 @@ title: 6401(-) BranchCache Received invalid data from a peer. Data discarded. (Windows 10) description: Describes security event 6401(-) BranchCache Received invalid data from a peer. Data discarded. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 5c2a2775b2..3148f9b03e 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -2,7 +2,7 @@ title: 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. (Windows 10) description: Describes security event 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index 3b5d284082..ad426fdacc 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -2,7 +2,7 @@ title: 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. (Windows 10) description: Describes security event 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index ff6b32947a..e2fed0d583 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -2,7 +2,7 @@ title: 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. (Windows 10) description: Describes security event 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index f83340addb..48746ad277 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -2,7 +2,7 @@ title: 6405(-) BranchCache %2 instance(s) of event id %1 occurred. (Windows 10) description: Describes security event 6405(-) BranchCache %2 instance(s) of event id %1 occurred. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index d6109b695e..42541a3842 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -2,7 +2,7 @@ title: 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. (Windows 10) description: Describes security event 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index e0e4b5e90d..b13c6f8d8c 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -3,12 +3,12 @@ title: Block untrusted fonts in an enterprise (Windows 10) description: To help protect your company from attacks that may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature. ms.reviewer: manager: aaroncz -ms.prod: m365-security +ms.prod: windows-client author: dansimp ms.author: dansimp ms.date: 08/14/2017 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Block untrusted fonts in an enterprise diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 1af5ea34bd..c5729ba1e1 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -1,7 +1,7 @@ --- title: Federal Information Processing Standard (FIPS) 140 Validation description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. -ms.prod: m365-security +ms.prod: windows-client ms.date: 11/03/2022 manager: aaroncz ms.author: paoloma @@ -12,7 +12,7 @@ ms.collection: ms.topic: article ms.localizationpriority: medium ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # FIPS 140-2 Validation diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 7fec38f0ff..f3481ad39c 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -1,7 +1,7 @@ --- title: Get support description: Frequently asked questions about how to get support for Windows baselines and the Security Compliance Toolkit (SCT). -ms.prod: m365-security +ms.prod: windows-client ms.localizationpriority: medium ms.author: dansimp author: dulcemontemayor @@ -10,7 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Get Support for Windows baselines diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 52a5ae4951..92d1fa392e 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -2,14 +2,14 @@ title: Windows threat protection description: Describes the security capabilities in Windows client focused on threat protection search.product: eADQiWindows 10XVcnh -ms.prod: m365-security +ms.prod: windows-client ms.author: dansimp author: dansimp ms.localizationpriority: medium manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: windows-sec +ms.technology: itpro-security --- # Windows threat protection diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index 92da921c12..bfb7dc677b 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -1,13 +1,13 @@ --- title: Guide to removing Microsoft Baseline Security Analyzer (MBSA) description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions. -ms.prod: m365-security +ms.prod: windows-client ms.localizationpriority: medium ms.author: dansimp author: dansimp ms.reviewer: manager: aaroncz -ms.technology: windows-sec +ms.technology: itpro-security --- # What is Microsoft Baseline Security Analyzer and its uses? diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index c15e7110b2..cf9752c6f3 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -1,7 +1,7 @@ --- title: Microsoft Security Development Lifecycle description: Download the Microsoft Security Development Lifecycle white paper that covers a security assurance process focused on software development. -ms.prod: m365-security +ms.prod: windows-client author: dansimp ms.author: dansimp manager: aaroncz @@ -9,7 +9,7 @@ ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Microsoft Security Development Lifecycle diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index 83dcf3036f..fa6de91b70 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -3,10 +3,10 @@ manager: aaroncz ms.author: dansimp title: Override Process Mitigation Options (Windows 10) description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies. -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 551bdb2981..9540d55eb9 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -1,13 +1,13 @@ --- title: Mitigate threats by using Windows 10 security features (Windows 10) description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. -ms.prod: m365-security +ms.prod: windows-client ms.localizationpriority: medium author: dansimp ms.reviewer: manager: aaroncz ms.author: dansimp -ms.technology: windows-sec +ms.technology: itpro-security --- # Mitigate threats by using Windows 10 security features diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index c038120c89..ae2b7dcea6 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -1,14 +1,14 @@ --- title: Control the health of Windows 10-based devices (Windows 10) description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: dansimp -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.date: 10/13/2017 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Control the health of Windows 10-based devices From 2e6699c5a49dede784a7529927ecf0f9a61ec352 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:19:34 -0500 Subject: [PATCH 039/108] add missing for security6 --- .../profile-system-performance.md | 4 ++-- ...ery-console-allow-automatic-administrative-logon.md | 4 ++-- ...floppy-copy-and-access-to-all-drives-and-folders.md | 4 ++-- .../remove-computer-from-docking-station.md | 4 ++-- .../replace-a-process-level-token.md | 4 ++-- .../reset-account-lockout-counter-after.md | 4 ++-- .../restore-files-and-directories.md | 4 ++-- .../secpol-advanced-security-audit-policy-settings.md | 4 ++-- .../security-policy-settings/security-options.md | 4 ++-- .../security-policy-settings-reference.md | 4 ++-- .../security-policy-settings.md | 4 ++-- .../security-policy-settings/shut-down-the-system.md | 4 ++-- ...-system-to-be-shut-down-without-having-to-log-on.md | 4 ++-- .../shutdown-clear-virtual-memory-pagefile.md | 4 ++-- ...work-client-digitally-sign-communications-always.md | 4 ++-- ...t-digitally-sign-communications-if-server-agrees.md | 4 ++-- ...work-server-digitally-sign-communications-always.md | 4 ++-- ...r-digitally-sign-communications-if-client-agrees.md | 4 ++-- .../store-passwords-using-reversible-encryption.md | 4 ++-- .../synchronize-directory-service-data.md | 4 ++-- ...-protection-for-user-keys-stored-on-the-computer.md | 4 ++-- ...nt-algorithms-for-encryption-hashing-and-signing.md | 4 ++-- ...re-case-insensitivity-for-non-windows-subsystems.md | 4 ++-- ...n-default-permissions-of-internal-system-objects.md | 4 ++-- .../system-settings-optional-subsystems.md | 4 ++-- ...vent-forwarding-to-assist-in-intrusion-detection.md | 4 ++-- .../citool-commands.md | 2 ++ .../microsoft-recommended-driver-block-rules.md | 1 + .../windows-platform-common-criteria.md | 4 ++-- windows/security/trusted-boot.md | 10 +++++----- windows/security/zero-trust-windows-device-health.md | 6 +++--- 31 files changed, 65 insertions(+), 62 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index 9f76b3d698..fe332e87f3 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Profile system performance diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md index a1e2ab6949..379cef16af 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md @@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Recovery console: Allow automatic administrative logon diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md index 8e34bd2995..6b402af2db 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: a5b4ac0c-f33d-42b5-a866-72afa7cbd0bd ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Recovery console: Allow floppy copy and access to all drives and folders diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md index dafe4d5d59..fbd8bf9e9b 100644 --- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md +++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 229a385a-a862-4973-899a-413b1b5b6c30 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Remove computer from docking station - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md index c40121b387..3978432395 100644 --- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md +++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 5add02db-6339-489e-ba21-ccc3ccbe8745 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Replace a process level token diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index e2f943cd55..900b66a6fe 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid ms.assetid: d5ccf6dd-5ba7-44a9-8e0b-c478d8b1442c ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/02/2018 -ms.technology: windows-sec +ms.technology: itpro-security --- # Reset account lockout counter after diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md index 5e3f6b9386..ea25267470 100644 --- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: c673c0fa-6f49-4edd-8c1f-c5e8513f701d ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Restore files and directories - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index 7dc532fd31..a620908a28 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -4,7 +4,7 @@ description: Provides information about the advanced security audit policy setti ms.assetid: 6BF9A642-DBC3-4101-94A3-B2316C553CE3 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Advanced security audit policy settings for Windows 10 diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md index 00441e06c4..2617bbe979 100644 --- a/windows/security/threat-protection/security-policy-settings/security-options.md +++ b/windows/security/threat-protection/security-policy-settings/security-options.md @@ -5,14 +5,14 @@ ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b ms.reviewer: manager: aaroncz ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 06/28/2018 -ms.technology: windows-sec +ms.technology: itpro-security --- # Security Options diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md index bfca76513d..cb99f2efbf 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md @@ -4,7 +4,7 @@ description: This reference of security settings provides information about how ms.assetid: ef5a4579-15a8-4507-9a43-b7ccddcb0ed1 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Security policy settings reference diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index 5e771b19bd..5ab4550261 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -4,7 +4,7 @@ description: This reference topic describes the common scenarios, architecture, ms.assetid: e7ac5204-7f6c-4708-a9f6-6af712ca43b9 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -17,7 +17,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Security policy settings diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md index 465e04c8e5..67d5faee52 100644 --- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md +++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: c8e8f890-153a-401e-a957-ba6a130304bf ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Shut down the system - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index 06fb947134..191d7707e3 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Shutdown: Allow system to be shut down without having to log on diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md index 188c435f4f..8dee428efe 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management a ms.assetid: 31400078-6c56-4891-a6df-6dfb403c4bc9 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/01/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Shutdown: Clear virtual memory pagefile diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index 460941fd81..b177d97e7f 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMBv1 Microsoft network client: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index 6125397053..735abfb6ec 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMBv1 Microsoft network client: Digitally sign communications (if server agrees) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md index b261da96b1..e786e34d26 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMB v1 Microsoft network server: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md index d10e1c5531..02d3e39e49 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md @@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMBv1 Microsoft network server: Digitally sign communications (if client agrees) diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md index 207e07ea6f..7e2d99c5ca 100644 --- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md +++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid ms.assetid: 57f958c2-f1e9-48bf-871b-0a9b3299e238 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Store passwords using reversible encryption diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index 75c07aa23f..27b022d867 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 97b0aaa4-674f-40f4-8974-b4bfb12c232c ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Synchronize directory service data diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 8e7bbc95a5..73d75fc780 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: 8cbff267-881e-4bf6-920d-b583a5ff7de0 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System cryptography: Force strong key protection for user keys stored on the computer diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 384b7464ec..7b1b9ef84d 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/16/2018 -ms.technology: windows-sec +ms.technology: itpro-security --- # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 9c4cd9c338..cfc1e3e48a 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p ms.assetid: 340d6769-8f33-4067-8470-1458978d1522 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System objects: Require case insensitivity for non-Windows subsystems diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md index bba4ab0d9b..9e16de4a18 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md @@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, System obj ms.assetid: 3a592097-9cf5-4fd0-a504-7cbfab050bb6 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links) diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md index a36f304e17..0397eca9d7 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 5cb6519a-4f84-4b45-8072-e2aa8a72fb78 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System settings: Optional subsystems diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index f4ddfe874d..d48d5da38b 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -4,11 +4,11 @@ description: Learn about an approach to collect events from devices in your orga ms.reviewer: manager: aaroncz ms.author: dansimp -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Use Windows Event Forwarding to help with intrusion detection diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md index 5a2d7b7e72..6cf521cfc7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md +++ b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md @@ -8,6 +8,8 @@ ms.reviewer: jogeurte ms.topic: how-to ms.date: 08/07/2022 ms.custom: template-how-to +ms.prod: windows-client +ms.technology: itpro-security --- # Manage Windows Defender Application Control (WDAC) Policies with CI Tool diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index f37306192a..25e864f812 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -17,6 +17,7 @@ ms.reviewer: jsuther ms.author: vinpa manager: aaroncz ms.date: 11/01/2022 +ms.technology: itpro-security --- # Microsoft recommended driver block rules diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 4578d9eb6c..37bb6cb877 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -1,7 +1,7 @@ --- title: Common Criteria Certifications description: This topic details how Microsoft supports the Common Criteria certification program. -ms.prod: m365-security +ms.prod: windows-client ms.author: paoloma author: paolomatarazzo manager: aaroncz @@ -10,7 +10,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: 11/4/2022 ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Common Criteria certifications diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 37a654e8fd..64689039a1 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -1,18 +1,18 @@ --- title: Secure Boot and Trusted Boot description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 -search.appverid: MET150 +search.appverid: MET150 author: vinaypamnani-msft ms.author: vinpa -manager: aaroncz +manager: aaroncz ms.topic: conceptual ms.date: 09/21/2021 -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: windows-client +ms.technology: itpro-security ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: jsuther +ms.reviewer: jsuther --- # Secure Boot and Trusted Boot diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 49dbfdd3d3..84ff0bde52 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -1,5 +1,5 @@ --- -title: Zero Trust and Windows device health +title: Zero Trust and Windows device health description: Describes the process of Windows device health attestation ms.reviewer: ms.topic: article @@ -8,8 +8,8 @@ ms.author: paoloma author: paolomatarazzo ms.collection: M365-security-compliance ms.custom: intro-overview -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: windows-client +ms.technology: itpro-security --- # Zero Trust and Windows device health From b31d304afe1cda379e081d56f7e2f567f311d3fa Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:27:43 -0500 Subject: [PATCH 040/108] fix security tag --- .../windows-defender-application-control/citool-commands.md | 1 - windows/whats-new/ltsc/index.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2015.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2016.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2019.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2021.md | 1 + windows/whats-new/whats-new-windows-10-version-1507-and-1511.md | 1 + windows/whats-new/whats-new-windows-10-version-1607.md | 1 + windows/whats-new/whats-new-windows-10-version-1703.md | 1 + windows/whats-new/whats-new-windows-10-version-1709.md | 1 + windows/whats-new/whats-new-windows-10-version-1803.md | 1 + windows/whats-new/whats-new-windows-10-version-1809.md | 1 + windows/whats-new/whats-new-windows-10-version-1903.md | 1 + windows/whats-new/whats-new-windows-10-version-1909.md | 1 + windows/whats-new/whats-new-windows-10-version-2004.md | 1 + windows/whats-new/whats-new-windows-10-version-20H2.md | 1 + windows/whats-new/whats-new-windows-10-version-21H1.md | 1 + windows/whats-new/whats-new-windows-10-version-21H2.md | 1 + windows/whats-new/whats-new-windows-11-version-22H2.md | 1 + windows/whats-new/windows-10-insider-preview.md | 1 + windows/whats-new/windows-11-plan.md | 1 + windows/whats-new/windows-11-prepare.md | 1 + windows/whats-new/windows-11-requirements.md | 1 + 23 files changed, 22 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md index 6cf521cfc7..88273c3c74 100644 --- a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md +++ b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md @@ -3,7 +3,6 @@ title: Managing CI Policies and Tokens with CiTool description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool author: valemieux ms.author: jogeurte -ms.service: security ms.reviewer: jogeurte ms.topic: how-to ms.date: 08/07/2022 diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index faa61e8726..4ebad1267c 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: low ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Windows 10 Enterprise LTSC diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 9619a71f7d..8d02105a34 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -8,6 +8,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.topic: article +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2015 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 2f55f78bd5..ff84fce008 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -8,6 +8,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: low ms.topic: article +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2016 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 1e2217e1d0..99bbdce00b 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: - highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2019 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index c04c33fd31..6c8dc542bc 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -10,6 +10,7 @@ ms.localizationpriority: low ms.topic: article ms.collection: - highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2021 diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 24a9eacec5..66b6c21f4d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, versions 1507 and 1511 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 61009f9d89..5d80c4bdea 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -9,6 +9,7 @@ manager: dougeby ms.author: aaroncz ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1607 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 83a34f13b1..5030a8b526 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -9,6 +9,7 @@ manager: dougeby ms.author: aaroncz ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1703 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index ee7222900f..df9f38a3c3 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1709 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 97e8587b75..3815add5bd 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1803 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 7f151bdfcf..ced11ae8ad 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1809 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 49112ccb86..1f6ccc5fac 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1903 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index b3350031c0..67c62a1a1f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1909 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 9baa6d915f..c573b18f86 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 2004 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md index 431769b672..ac69c0d7b2 100644 --- a/windows/whats-new/whats-new-windows-10-version-20H2.md +++ b/windows/whats-new/whats-new-windows-10-version-20H2.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 20H2 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md index 1edaf57d80..67ec5e934e 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H1.md +++ b/windows/whats-new/whats-new-windows-10-version-21H1.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 21H1 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md index 64749cbbee..5d8e006605 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H2.md +++ b/windows/whats-new/whats-new-windows-10-version-21H2.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: highpri ms.custom: intro-overview +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 21H2 diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md index ba75d6dbc6..a36d8795f6 100644 --- a/windows/whats-new/whats-new-windows-11-version-22H2.md +++ b/windows/whats-new/whats-new-windows-11-version-22H2.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: highpri ms.custom: intro-overview +ms.technology: itpro-fundamentals --- # What's new in Windows 11, version 22H2 diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md index 9f9114f7ef..bdfa205f5c 100644 --- a/windows/whats-new/windows-10-insider-preview.md +++ b/windows/whats-new/windows-10-insider-preview.md @@ -8,6 +8,7 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article +ms.technology: itpro-fundamentals --- # Documentation for Windows 10 Insider Preview diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index b0af27c9a3..1a2f7d3b76 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Plan for Windows 11 diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 3bdc8c1a18..1ae1ed1629 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Prepare for Windows 11 diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index f7a02bf116..cbb7d6dbb6 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri +ms.technology: itpro-fundamentals --- # Windows 11 requirements From 0db6ab3f68a8b371cf335f85a9eff9b04858e351 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 15:33:40 -0700 Subject: [PATCH 041/108] Update windows/deployment/upgrade/log-files.md Line 23: 400 level > 400-level --- windows/deployment/upgrade/log-files.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 2f094a73f8..b1ef0c548c 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -20,7 +20,8 @@ ms.date: 10/28/2022 - Windows 10 > [!NOTE] -> This is a 400 level topic (advanced).
+> This is a 400-level topic (advanced).
+ > See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. From 9794f207eb74a9ecaaeb1fbdb9d0faad357b14d0 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 15:35:10 -0700 Subject: [PATCH 042/108] Update windows/deployment/upgrade/log-files.md Line 32: Delete
and replace colon with period. --- windows/deployment/upgrade/log-files.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index b1ef0c548c..f2024b97cc 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -29,7 +29,8 @@ Several log files are created during each phase of the upgrade process. These lo > [!NOTE] > Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. -The following table describes some log files and how to use them for troubleshooting purposes:
+The following table describes some log files and how to use them for troubleshooting purposes. + |Log file |Phase: Location |Description |When to use| |---|---|---|---| From eea207d7cf9ff7096f86c5d27db450e0794e8011 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 15:36:36 -0700 Subject: [PATCH 043/108] Update windows/deployment/upgrade/log-files.md Line 32: Replace period with colon. --- windows/deployment/upgrade/log-files.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index f2024b97cc..da014727b1 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -29,7 +29,8 @@ Several log files are created during each phase of the upgrade process. These lo > [!NOTE] > Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. -The following table describes some log files and how to use them for troubleshooting purposes. +The following table describes some log files and how to use them for troubleshooting purposes: + |Log file |Phase: Location |Description |When to use| From fb4d4d673e9acd7960ba371b46693e2834e033ad Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 15:39:45 -0700 Subject: [PATCH 044/108] Apply suggestions from code review Adjust punctuation and space. --- windows/deployment/upgrade/log-files.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index da014727b1..2e9259fece 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -49,13 +49,17 @@ The following table describes some log files and how to use them for troubleshoo A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements: -1. **The date and time** - 2016-09-08 09:20:05. +1. **The date and time** - 2016-09-08 09:20:05 -2. **The log level** - Info, Warning, Error, Fatal Error. -3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS. +2. **The log level** - Info, Warning, Error, Fatal Error + + +3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS + + + The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors. - The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors. 4. **The message** - Operation completed successfully. From 5b53c8a2351ea0ea0b586515b2f37105746ab082 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:56:22 -0500 Subject: [PATCH 045/108] Metadata/style update deployment/vamt 3 --- .../monitor-activation-client.md | 1 + .../plan-for-volume-activation-client.md | 94 ++++----- .../proxy-activation-vamt.md | 52 +++-- .../volume-activation/remove-products-vamt.md | 36 ++-- .../scenario-kms-activation-vamt.md | 46 +++-- .../scenario-online-activation-vamt.md | 147 ++++++++------ .../scenario-proxy-activation-vamt.md | 179 +++++++++++------- .../update-product-status-vamt.md | 14 +- ...olume-activation-management-tool-client.md | 34 ++-- .../use-vamt-in-windows-powershell.md | 74 +++++--- .../volume-activation/vamt-known-issues.md | 34 +++- .../volume-activation/vamt-requirements.md | 13 +- .../volume-activation/vamt-step-by-step.md | 11 +- .../volume-activation-windows-10.md | 41 ++-- 14 files changed, 474 insertions(+), 302 deletions(-) diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index c5b52eb8b8..0f48de80b8 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -9,6 +9,7 @@ author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals +ms.date: 11/07/2022 --- # Monitor activation diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index e89a31bf6e..e9969efbf8 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -9,6 +9,7 @@ author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals +ms.date: 11/07/2022 --- # Plan for volume activation @@ -21,9 +22,9 @@ ms.technology: itpro-fundamentals > - [Activate Windows](https://support.microsoft.com/help/12440/) > - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. +*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and hasn't been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. -During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. +During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they can't be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft doesn't use this information to identify or contact the user or the organization. >[!NOTE] >The IP address is used only to verify the location of the request, because some editions of Windows (such as "Starter" editions) can only be activated within certain geographical target markets. @@ -34,21 +35,22 @@ In general, Microsoft software is obtained through three main channels: retail, ### Retail activations -The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. +The retail activation method hasn't changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys. ### Original equipment manufacturer -Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required. +Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware/BIOS of the computer. This activation occurs before the computer is sent to the customer, and no additional actions are required. + OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled. ### Volume licensing -Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: +Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft. There's a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: -- Have the license preinstalled through the OEM. +- Have the license preinstalled through the OEM -- Purchase a fully packaged retail product. +- Purchase a fully packaged retail product The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. @@ -82,29 +84,29 @@ Token-based Activation option is available for Windows 10 Enterprise LTSB editio ### Multiple activation key -A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also -allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS. +A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they don't meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also +allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that doesn't have enough computers to use the KMS. To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation. -In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain. +In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can help with tracking the number of activations that have been performed with each key and how many remain. Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft. ### Key Management Service -With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. +With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that doesn't require a dedicated system and can easily be cohosted on a system that provides other services. Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. -Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. +Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. It will be rare that more than two KMS hosts are used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. ### Active Directory-based activation -Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. +Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer doesn't need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. -Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company's domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. +Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it's impractical to connect to a KMS, or wouldn't reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company's domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. ## Network and connectivity @@ -112,9 +114,9 @@ A modern business network has many nuances and interconnections. This section ex ### Core network -Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. +Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that isn't a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the majority of the business network. -In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. +In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that aren't joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. A typical core network that includes a KMS host is shown in Figure 1. @@ -124,19 +126,19 @@ A typical core network that includes a KMS host is shown in Figure 1. ### Isolated networks -In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. +In a large network, it's all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. #### Isolated for security Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. -If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. +If the isolated network can access the core network by using outbound requests on TCP port 1688, and it's allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. -If the isolated network cannot communicate with the core network's KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. +If the isolated network can't communicate with the core network's KMS server, and it can't use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. -If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network. +If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they're placed in the isolated network. ![New KMS host in an isolated network.](../images/volumeactivationforwindows81-02.jpg) @@ -144,7 +146,7 @@ If the network is fully isolated, MAK-independent activation would be the recomm #### Branch offices and distant networks -From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: +From mining operations to ships at sea, organizations often have a few computers that aren't easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: - **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. @@ -156,33 +158,35 @@ From mining operations to ships at sea, organizations often have a few computers ### Disconnected computers -Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an "isolated network," where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. -If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). +Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this branch office an "isolated network," where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. + +If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it doesn't support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). ### Test and development labs -Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. -If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide. -In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. +Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they can't activate immediately. + +If you've ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they'll be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network, and use the methods described earlier in this guide. +In labs that have a high turnover of computers and a few KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. ## Mapping your network to activation methods -Now it's time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. +Now it's time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you've collected the information you need to determine which activation methods will work best for you. You can fill in information in Table 1 to help you make this determination. **Table 1**. Criteria for activation methods |Criterion |Activation method | |----------|------------------| |Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

**Note**
The core network must meet the KMS activation threshold. |KMS (central) | -|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

**Note**
The core network must meet the KMS activation threshold.
|KMS (central) | +|Number of computers that don't connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | |Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | |Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | -|Number of computers in isolated networks where the KMS activation threshold is not met |MAK | -|Number of computers in test and development labs that will not be activated |None| -|Number of computers that do not have a retail volume license |Retail (online or phone) | -|Number of computers that do not have an OEM volume license |OEM (at factory) | -|Total number of computer activations

**Note**
This total should match the total number of licensed computers in your organization. | +|Number of computers in isolated networks where the KMS activation threshold isn't met |MAK | +|Number of computers in test and development labs that won't be activated |None| +|Number of computers that don't have a retail volume license |Retail (online or phone) | +|Number of computers that don't have an OEM volume license |OEM (at factory) | +|Total number of computer activations
**Note**
This total should match the total number of licensed computers in your organization.
| ## Choosing and acquiring keys @@ -194,26 +198,28 @@ When you know which keys you need, you must obtain them. Generally speaking, vol ### KMS host keys -A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. +A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is referred to as the *KMS host key*, but it's formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. -A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. +A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You'll need a KMS host key for any KMS that you want to set up and if you're going to use Active Directory-based activation. ### Generic volume licensing keys -When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys. +When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you're creating. GVLKs are also referred to as KMS client setup keys. -Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential. +Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK won't activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK doesn't work unless a valid KMS host key can be found. GVLKs are the only product keys that don't need to be kept confidential. -Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS client setup keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). +Typically, you won't need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it's being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS client setup keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). ### Multiple activation keys -You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. +You'll also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. ## Selecting a KMS host -The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. +The KMS doesn't require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. + KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. + A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure. The flow of KMS activation is shown in Figure 3, and it follows this sequence: @@ -222,17 +228,17 @@ The flow of KMS activation is shown in Figure 3, and it follows this sequence: 2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. -3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) +3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment doesn't support DNS dynamic update protocol.) 4. A client configured with a GVLK uses DNS to locate the KMS host. 5. The client sends one packet to the KMS host. -6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. +6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs aren't stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. 7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. -8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. +8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold hasn't yet been met, the client will try again. ![KMS activation flow.](../images/volumeactivationforwindows81-03.jpg) diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 7534f442fd..65f7e79d8d 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -1,6 +1,6 @@ --- title: Perform Proxy Activation (Windows 10) -description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that do not have Internet access. +description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that don't have Internet access. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,40 +13,56 @@ ms.technology: itpro-fundamentals # Perform Proxy Activation -You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that do not have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key. +You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that don't have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key. In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access. > [!NOTE] -> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. +> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. ## Requirements Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. -- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. + +- There's an instance of VAMT that is installed on a computer that has Internet access. If you're performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. + +- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products haven't been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. + - VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. -- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. + +- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure client computers](configure-client-computers-vamt.md). + + The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs. ## To Perform Proxy Activation -**To perform proxy activation** - 1. Open VAMT. -2. If necessary, install product keys. For more information see: - - [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). + +2. If necessary, install product keys. For more information, see: + + - [Install a product key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). + - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. + 3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box. -7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**. -8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox. -9. Click **OK**. -10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you will be prompted to enter the credentials. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. In the right-side pane, select **Activate** and then select **Proxy activate** to open the **Proxy Activate** dialog box. + +7. In the **Proxy Activate** dialog box select **Apply Confirmation ID, apply to selected machine(s) and activate**. + +8. If you're activating products that require administrator credentials different from the ones you're currently using, select the **Use Alternate Credentials** checkbox. + +9. Select **OK**. + +10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you'll be prompted to enter the credentials. > [!NOTE] You can use proxy activation to select products that have different key types and activate the products at the same time. diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index f9b25b08fd..231f5081c2 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -11,22 +11,30 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Remove Products +# Remove products To remove one or more products from the Volume Activation Management Tool (VAMT), you can delete them from the product list view in the center pane. -**To delete one or more products** -1. Click a product node in the left-side pane. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products you want to delete. -6. Click **Delete** in the **Selected Items** menu in the right-side pane. -7. On the **Confirm Delete Selected Products** dialog box, click **OK**. +## To delete one or more products + +1. Select a product node in the left-side pane. + +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + +5. Select the products you want to delete. + +6. Select **Delete** in the **Selected Items** menu in the right-side pane. + +7. On the **Confirm Delete Selected Products** dialog box, select **OK**. + +## Related articles -## Related topics - [Add and Manage Products](add-manage-products-vamt.md) - - diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 2aae527d89..2985a6bc04 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -11,35 +11,49 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Scenario 3: KMS Client Activation +# Scenario 3: KMS client activation -In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). +In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This type of activation can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You don't have to enter a key to activate a product as a GVLK, unless you're converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). + +The procedure that is described below assumes the following configuration: -The procedure that is described below assumes the following: - The KMS Service is enabled and available to all KMS clients. + - VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. -## Activate KMS Clients +## Activate KMS clients 1. Open VAMT. -2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + +2. To set the KMS activation options, on the menu bar select **View**. Then select **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + 3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: - - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. + + - **Find a KMS host automatically using DNS**. This setting is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. + - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. - - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. -4. In the left-side pane, in the **Products** node, click the product that you want to activate. + + - **Use specific KMS host**. Select this option for environments that don't use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. + +4. In the left-side pane, in the **Products** node, select the product that you want to activate. + 5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +7. Select **Filter**. VAMT displays the filtered list in the center pane. + 8. Select the products that you want to activate. -9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + +9. Select **Activate** in the **Selected Items** menu in the right-side **Actions** pane, select **Activate**, point to **Volume activate**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + +10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. -## Related topics -- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - - +## Related articles + +- [VAMT step-by-step scenarios](vamt-step-by-step.md) diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index f1fcdf13ee..68ca97def3 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -14,117 +14,146 @@ ms.technology: itpro-fundamentals # Scenario 1: Online Activation In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types: + - Multiple Activation Key (MAK) + - Windows Key Management Service (KMS) keys: - - KMS Host key (CSVLK) - - Generic Volume License Key (GVLK), or KMS client key + + - KMS Host key (CSVLK) + + - Generic Volume License Key (GVLK), or KMS client key + - Retail The Secure Zone represents higher-security Core Network computers that have additional firewall protection. ![VAMT firewall configuration for multiple subnets.](images/dep-win8-l-vamt-makindependentactivationscenario.jpg) -## In This Topic -- [Install and start VAMT on a networked host computer](#bkmk-partone) -- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) -- [Connect to VAMT database](#bkmk-partthree) -- [Discover products](#bkmk-partfour) -- [Sort and filter the list of computers](#bkmk-partfive) -- [Collect status information from the computers in the list](#bkmk-partsix) -- [Add product keys and determine the remaining activation count](#bkmk-partseven) -- [Install the product keys](#bkmk-parteight) -- [Activate the client products](#bkmk-partnine) - -## Step 1: Install and start VAMT on a networked host computer +## Step 1: Install and start VAMT on a networked host computer 1. Install VAMT on the host computer. -2. Click the VAMT icon in the **Start** menu to open VAMT. -## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers +2. Select the VAMT icon in the **Start** menu to open VAMT. + +## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers - Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). > [!NOTE] > To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -## Step 3: Connect to a VAMT database +## Step 3: Connect to a VAMT database -1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -2. Click **Connect**. -3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) +1. If you aren't already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -## Step 4: Discover products +2. Select **Connect**. -1. In the left-side pane, in the **Products** node Products, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. -4. Click **Search**. +3. If you're already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) + +## Step 4: Discover products + +1. In the left-side pane, in the **Products** node Products, select the product that you want to activate. + +2. To open the **Discover Products** dialog box, select **Discover products** in the **Actions** menu in the right-side pane. + +3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. VAMT supports both IPv4 and IPV6 addressing. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. + +4. Select **Search**. When the search is complete, the products that VAMT discovers appear in the product list view in the center pane. -## Step 5: Sort and filter the list of computers +## Step 5: Sort and filter the list of computers + +You can sort the list of products so that it's easier to find the computers that require product keys to be activated: + +1. On the menu bar at the top of the center pane, select **Group by**, and then select **Product**, **Product Key Type**, or **License Status**. + +2. To sort the list further, you can select one of the column headings to sort by that column. -You can sort the list of products so that it is easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. 3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. -## Step 6: Collect status information from the computers in the list +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by product name, product key type, or license status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the product list view in the center pane. + +## Step 6: Collect status information from the computers in the list To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers which are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. - **To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**. + +- To select a block of consecutively listed computers, select the first computer that you want to select, and then select the last computer while pressing the **Shift** key. + +- To select computers that aren't listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. + +### To collect status information from the selected computers + +- In the right-side **Actions** pane, select **Update license status** in the **Selected Items** menu and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials that are different from the ones that you used to sign into the computer. Otherwise, select **Current Credentials** and continue to step 2. If you're supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then select **OK**. + - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. > [!NOTE] > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. -## Step 7: Add product keys and determine the remaining activation count +## Step 7: Add product keys and determine the remaining activation count + +1. Select the **Product Keys** node in the left-side pane, and then select **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. 2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. + + - To add product keys manually, select **Enter product key(s) separated by line breaks**, enter one or more product keys, and then select **Add Key(s)**. + + - To import a Comma Separated Values File (CSV) that contains a list of product keys, select **Select a product key file to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. > [!IMPORTANT] > If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. -## Step 8: Install the product keys +## Step 8: Install the product keys -1. In the left-side pane, click the product that you want to install keys on to. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive). -3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, select the product that you want to install keys on to. + +2. If necessary, sort and filter the list of products so that it's easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#step-5-sort-and-filter-the-list-of-computers). + +3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +4. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you're installing a MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you aren't installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you've selected the product key that you want to install, select **Install Key**. Only one key can be installed at a time. + +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. + > [!NOTE] > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) -## Step 9: Activate the client products +## Step 9: Activate the client products 1. Select the individual products that you want to activate in the list-view pane. -2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. -3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option. -4. Enter your alternate user name and password and click **OK**. + +2. On the menu bar, select **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also select **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. + +3. If you're activating product keys using your current credential, select **Current credential** and continue to step 5. If you're activating products that require an administrator credential that is different from the one you're currently using, select the **Alternate credential** option. + +4. Enter your alternate user name and password and select **OK**. + 5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. > [!NOTE] > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. > RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. -## Related topics +## Related articles + - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index 1d4fd6f9b5..ccb63b5311 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -20,55 +20,75 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa ## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab 1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. -2. Click the VAMT icon in the **Start** menu to open VAMT. -## Step 2: Configure the Windows Management Instrumentation Firewall Exception on Target Computers +2. Select the VAMT icon in the **Start** menu to open VAMT. + +## Step 2: Configure the Windows Management Instrumentation Firewall Exception on target computers - Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). > [!NOTE] > To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -## Step 3: Connect to a VAMT Database +## Step 3: Connect to a VAMT database -1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -2. Click **Connect**. -3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) +1. If the host computer in the isolated lab workgroup isn't already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -## Step 4: Discover Products +2. Select **Connect**. -1. In the left-side pane, in the **Products** node, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. -4. Click **Search**. +3. If you're already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) + +## Step 4: Discover products + +1. In the left-side pane, in the **Products** node, select the product that you want to activate. + +2. To open the **Discover Products** dialog box, select **Discover products** in the right-side pane. + +3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (`*`) wildcard. For example, typing `a*` will display only those computer names that start with the letter **a**. + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. + +4. Select **Search**. The **Finding Computers** window appears and displays the search progress as the computers are located. When the search is complete, the products that VAMT discovers appear in the list view in the center pane. -## Step 5: Sort and Filter the List of Computers +## Step 5: Sort and filter the list of computers -You can sort the list of products so that it is easier to find the computers that require product keys to be activated: +You can sort the list of products so that it's easier to find the computers that require product keys to be activated: + +1. On the menu bar at the top of the center pane, select **Group by**, and then select **Product**, **Product Key Type**, or **License Status**. + +2. To sort the list further, you can select one of the column headings to sort by that column. -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. 3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. -## Step 6: Collect Status Information from the Computers in the Isolated Lab +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by product name, product key type, or license status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the product list view in the center pane. + +## Step 6: Collect status information from the computers in the Isolated lab To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers that are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. + +- To select a block of consecutively listed computers, select the first computer that you want to select, and then select the last computer while pressing the **Shift** key. + +- To select computers that aren't listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. **To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. + +- In the right-side **Actions** pane, select **Update license status** in the **Selected Items** menu and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, select **Current Credentials** and continue to step 2.If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then select **OK**. + - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. > [!NOTE] @@ -76,21 +96,29 @@ To collect the status from select computers in the database, you can select comp ## Step 7: Add Product Keys -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. +1. Select the **Product Keys** node in the left-side pane, and then select **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. + 2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: - - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. + + - To add a single product key, select **Enter product key(s) separated by line breaks**, enter one or more product keys, and then select **Add key(s)**. + + - To import a Comma Separated Values File (CSV) that contains a list of product keys, select **Select a product key to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. ## Step 8: Install the Product Keys on the Isolated Lab Computers -1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). +1. In the left-side pane, in the **Products** node select the product that you want to install keys onto. + +2. If necessary, sort and filter the list of products so that it's easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#step-5-sort-and-filter-the-list-of-computers). + 3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + +4. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you're installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you aren't installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you've selected the product key that you want to install, select **Install Key**. Only one key can be installed at a time. + +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. @@ -100,66 +128,89 @@ To collect the status from select computers in the database, you can select comp > [!NOTE] > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. -## Step 9: Export VAMT Data to a .cilx File +## Step 9: Export VAMT data to a `.cilx` file -In this step, you export VAMT from the workgroup's host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. +In this step, you export VAMT from the workgroup's host computer and save it in a `.cilx` file. Then you copy the `.cilx` file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it's critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. 1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. -2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. -3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. + +2. In the right-side **Actions** pane, select **Export list** to open the **Export List** dialog box. + +3. In the **Export List** dialog box, select **Browse** to navigate to the `.cilx` file, or enter the name of the `.cilx` file to which you want to export the data. + 4. Under **Export options**, select one of the following data-type options: + - Export products and product keys. + - Export products only. - - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise's security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. + + - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported `.cilx` file when this selection is selected. This option should be used when an enterprise's security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the `.cilx` file that is transferred to the Core Network VAMT host. + 5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. -6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. + +6. Select **Save**. VAMT displays a progress message while the data is being exported. Select **OK** when a message appears and confirms that the export has completed successfully. + 7. If you exported the list to a file on the host computer's hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. > [!IMPORTANT] - > Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup's VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. + > Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the `.cilx` file. Therefore, the `.cilx` file must be re-imported into the SQL Server database on the isolated lab workgroup's VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. -## Step 10: Acquire Confirmation IDs from Microsoft on the Internet-Connected Host Computer +## Step 10: Acquire confirmation IDs from Microsoft on the internet connected host computer 1. Insert the removable media into the VAMT host that has Internet access. + 2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. -5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. -## Step 11: Import the .cilx File onto the VAMT Host within the Isolated Lab Workgroup +3. In the right-side **Actions** pane, select **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. -2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. -3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. -4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. -5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. -6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. +4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the `.cilx` file that you exported from the isolated lab host computer, select the file, and then select **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. + +5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Select **OK** to close the message. + +## Step 11: Import the `.cilx` file onto the VAMT host within the Isolated lab workgroup + +1. Remove the storage device that contains the `.cilx` file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. + +2. Open VAMT and verify that you're connected to the database that contains the computer with the product keys that you're activating. + +3. In the right-side **Actions** pane, select **Import list** to open the **Import List** dialog box. + +4. In the **Import list** dialog box, browse to the location of the `.cilx` file that contains the CIDs, select the file, and then select **Open**. + +5. Select **OK** to import the file and to overwrite any conflicting data in the database with data from the file. + +6. VAMT displays a progress message while the data is being imported. Select **OK** when a message appears and confirms that the data has been successfully imported. ## Step 12: Apply the CIDs and Activate the Isolated Lab Computers 1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. -2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +2. In the right-side **Selected Items** menu, select **Activate**, select **Apply Confirmation ID**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. ## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab -If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers has not changed, VAMT can reactivate those computers using the CIDs that are stored in the database. -1. Redeploy products to each computer, using the same computer names as before. -2. Open VAMT. -3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers hasn't changed, VAMT can reactivate those computers using the CIDs that are stored in the database. - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. Redeploy products to each computer, using the same computer names as before. + +2. Open VAMT. + +3. In the right-side **Selected Items** menu, select **Activate**, select **Apply Confirmation ID**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. > [!NOTE] - > Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. - - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. + + RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 won't enter RFM. > [!NOTE] > Reapplying the same CID conserves the remaining activations on the MAK. -## Related topics +## Related articles + - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index 06b0801a32..eb5553920d 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Update Product Status +# Update product status After you add computers to the VAMT database, you need to use the **Update license status** function to add the products that are installed on the computers. You can also use the **Update license status** at any time to retrieve the most current license status for any products in the VAMT database. To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). @@ -22,14 +22,18 @@ The license-status query requires a valid computer name for each system queried. ## Update the license status of a product 1. Open VAMT. + 2. In the **Products** list, select one or more products that need to have their status updated. -3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. -4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. + +3. In the right-side **Actions** pane, select **Update license status** and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials different from the ones you used to log into the computer. + +4. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and select **OK**. VAMT displays the **Collecting product information** dialog box while it collects the status of all selected products. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. > [!NOTE] If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. - -## Related topics + +## Related articles + - [Add and Manage Products](add-manage-products-vamt.md) diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index 38adbc40dc..e742b9f498 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -14,22 +14,17 @@ ms.technology: itpro-fundamentals # Use the Volume Activation Management Tool -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. -By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be -installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. +By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It's a standard Microsoft Management Console snap-in, and it can be installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). @@ -38,8 +33,10 @@ In Windows Server 2012 R2, you can install the VAMT directly from Server Manager ## Activating with the Volume Activation Management Tool You can use the VAMT to complete the activation process in products by using MAK and retail keys, and you can work with computers individually or in groups. The VAMT enables two activation scenarios: + - **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. + +- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that don't have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. By using this method, only the VAMT host computer requires Internet access. Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where your organization has a mix of retail, MAK, and KMS-based activations. ## Tracking products and computers with the Volume Activation Management Tool @@ -52,7 +49,7 @@ The VAMT provides an overview of the activation and licensing status of computer ## Tracking key usage with the Volume Activation Management Tool -The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. +The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it's and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. ![VAMT showing key types and usage.](../images/volumeactivationforwindows81-19.jpg) @@ -61,15 +58,18 @@ The VAMT makes it easier to track the various keys that are issued to your organ ## Other Volume Activation Management Tool features The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: + - **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. + - **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. + - **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. For more information, see: + - [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) - [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) -## See also +## Related articles + - [Volume Activation for Windows 10](volume-activation-windows-10.md) - - diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index eb3b96f723..35886bbb64 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -15,61 +15,87 @@ ms.technology: itpro-fundamentals The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool. -**To install PowerShell 3.0** -- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](/powershell/scripting/install/installing-powershell). +## Configuring VAMT in Windows PowerShell -**To install the Windows Assessment and Deployment Kit** -- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). +### Install PowerShell 3.0 -**To prepare the VAMT PowerShell environment** -- To open PowerShell with administrative credentials, click **Start** and type "PowerShell" to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. +VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](/powershell/scripting/install/installing-powershell). + +### Install the Windows Assessment and Deployment Kit** + +In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). + +### Prepare the VAMT PowerShell environment + +To open PowerShell with administrative credentials, select **Start** and enter `PowerShell` to locate the program. Right-click **Windows PowerShell**, and then select **Run as administrator**. To open PowerShell in Windows 7, select **Start**, select **All Programs**, select **Accessories**, select **Windows PowerShell**, right-click **Windows PowerShell**, and then select **Run as administrator**. > [!IMPORTANT] - > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: - - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe - - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe -- For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. + > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are only supported for x86 architecture. You must use an x86 version of Windows PowerShell to import the VAMT module + + The x86 versions of Windows PowerShell are available in the following directories: + +- PowerShell: + + `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` +- PowerShell ISE: + + `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe` + +For all supported operating systems, you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, enter: - For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: - ``` powershell cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0" ``` -- Import the VAMT PowerShell module. To import the module, type the following at a command prompt: + +### Import the VAMT PowerShell module + +To import the VAMT PowerShell module, enter the following command at a PowerShell command prompt: + ``` powershell Import-Module .\VAMT.psd1 ``` - Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. -## To Get Help for VAMT PowerShell cmdlets + where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, enter `get-help about_profiles`. + +## To get help for VAMT PowerShell cmdlets + +You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you're interested in. To view all of the Help content for a VAMT cmdlet, enter: -You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you are interested in. To view all of the Help content for a VAMT cmdlet, type: ``` powershell get-help -all ``` -For example, type: + +For example, enter: + ``` powershell get-help get-VamtProduct -all ``` -**Warning** -The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](/powershell/module/vamt). +> [!WARNING] +> The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the `-online` option with the `get-help` cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](/powershell/module/vamt). -**To view VAMT PowerShell Help sections** +### View VAMT PowerShell help sections + +1. To get the syntax to use with a cmdlet, enter the following command at a PowerShell command prompt: -1. To get the syntax to use with a cmdlet, type the following at a command prompt: ``` powershell get-help ``` - For example, type: + + For example, enter: + ``` powershell get-help get-VamtProduct ``` -2. To see examples using a cmdlet, type: + +2. To see examples using a cmdlet, enter: + ``` powershell get-help -examples ``` - For example, type: + + For example, enter: + ``` powershell get-help get-VamtProduct -examples ``` diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 73685db04c..948e4f2def 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -19,7 +19,9 @@ ms.technology: itpro-fundamentals The current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1, include: - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. -- When you open a Computer Information List (CIL) file that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. You must update the product status again to obtain the edition information. + +- When you open a Computer Information List (CIL) file that was saved by using a previous version of VAMT, the edition information isn't shown for each product in the center pane. You must update the product status again to obtain the edition information. + - The remaining activation count can only be retrieved for Multiple Activation Key (MAKs). ## Workarounds for adding CSVLKs for Windows 10 activation to VAMT 3.1 @@ -28,11 +30,11 @@ Another known issue is that when you try to add a Windows 10 Key Management Serv ![VAMT error message.](./images/vamt-known-issue-message.png) -This issue occurs because VAMT 3.1 does not contain the correct Pkconfig files to recognize this kind of key. To work around this issue, use one of the following methods. +This issue occurs because VAMT 3.1 doesn't contain the correct Pkconfig files to recognize this kind of key. To work around this issue, use one of the following methods. ### Method 1 -Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options). +Don't add the CSVLK to the VAMT 3.1 tool. Instead, use the ` slmgr.vbs /ipk ` command to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the `Slmgr.vbs` tool, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options). ### Method 2 @@ -40,20 +42,32 @@ On the KMS host computer, perform the following steps: 1. Download the hotfix from [July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/3172614/). -1. In Windows Explorer, right-click **485392_intl_x64_zip** and extract the hotfix to C:\KB3058168. +2. In Windows Explorer, right-click **485392_intl_x64_zip** and extract the hotfix to C:\KB3058168. -1. To extract the contents of the update, run the following command: +3. To extract the contents of the update, run the following command: - ```console + ``` syntax expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ ``` -1. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: +4. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: - ```console + ``` syntax expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 ``` -1. In the C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716 folder, copy the pkeyconfig-csvlk.xrm-ms file. Paste this file into the C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig folder. +5. In the + + `C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716` + + folder, copy the + + `pkeyconfig-csvlk.xrm-ms` + + file. Paste this file into the + + `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig` + + folder. -1. Restart VAMT. +6. Restart VAMT. diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index 5cc18cd62c..a304218987 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md @@ -11,11 +11,11 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# VAMT Requirements +# VAMT requirements -This topic includes info about the product key and system requirements for VAMT. +This article includes info about the product key and system requirements for VAMT. -## Product Key Requirements +## Product key requirements The Volume Activation Management Tool (VAMT) can be used to perform activations using any of the following types of product keys. @@ -24,7 +24,7 @@ The Volume Activation Management Tool (VAMT) can be used to perform activations |
  • Multiple Activation Key (MAK)
  • Key Management Service (KMS) host key (CSVLK)
  • KMS client setup keys (GVLK)
|Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). | |Retail product keys |Obtained at time of product purchase. | -## System Requirements +## System requirements The following table lists the system requirements for the VAMT host computer. @@ -39,5 +39,6 @@ The following table lists the system requirements for the VAMT host computer. | Operating System | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, or later. | | Additional Requirements |
  • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
  • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
  • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
| -## Related topics -- [Install and Configure VAMT](install-configure-vamt.md) +## Related articles + +- [Install and configure VAMT](install-configure-vamt.md) diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 278a558c68..880a8cf474 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -11,19 +11,18 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# VAMT Step-by-Step Scenarios +# VAMT step-by-step scenarios This section provides instructions on how to implement the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; it describes here some of the most common to get you started. -## In this Section +## In this section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers—the first one with Internet access and a second computer within an isolated workgroup—as proxies to perform MAK volume activation for workgroup computers that don't have Internet access. | |[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | ## Related articles + - [Introduction to VAMT](introduction-vamt.md) - - diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 0ddbc94c96..a56f8ed301 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -14,21 +14,18 @@ ms.technology: itpro-fundamentals # Volume Activation for Windows 10 -> Applies to +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) + +> [!TIP] +> Are you looking for volume licensing information? > ->- Windows 10 ->- Windows Server 2012 R2 ->- Windows Server 2012 ->- Windows Server 2016 ->- Windows Server 2019 +> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) -**Looking for volume licensing information?** - -- [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) - -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://support.microsoft.com/help/12440/windows-10-activate) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. @@ -38,25 +35,31 @@ Volume activation is a configurable solution that helps automate and manage the This guide provides information and step-by-step guidance to help you choose a volume activation method that suits your environment, and then to configure that solution successfully. This guide describes the volume activation features and the tools to manage volume activation. -Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions. +Because most organizations won't immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it doesn't discuss the tools that are provided with earlier operating system versions. -Volume activation -and the need for activation itself- is not new, and this guide does not review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). +Volume activation -and the need for activation itself- isn't new, and this guide doesn't review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). -If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). +If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). To successfully plan and implement a volume activation strategy, you must: - Learn about and understand product activation. + - Review and evaluate the available activation types or models. + - Consider the connectivity of the clients to be activated. + - Choose the method or methods to be used with each type of client. -- Determine the types and number of product keys you will need. + +- Determine the types and number of product keys you'll need. + - Determine the monitoring and reporting needs in your organization. + - Install and configure the tools required to support the methods selected. -Keep in mind that the method of activation does not change an organization's responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. +Keep in mind that the method of activation doesn't change an organization's responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. -## Additional information +## Related articles - [Plan for volume activation](plan-for-volume-activation-client.md) - [Activate using Key Management Service](activate-using-key-management-service-vamt.md) From 90997c3c2c2b311d88cbfdb6b8325edbccee6b22 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 16:05:52 -0700 Subject: [PATCH 046/108] Update understanding-migration-xml-files.md Line 363: Delete space before colon. --- windows/deployment/usmt/understanding-migration-xml-files.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 071a5d9d6f..bbfd70227a 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -360,7 +360,7 @@ If you don't know the file name or location of the file, but you do know the fil ``` -#### Example 3 : Use a UserandSystem context component to run rules in both contexts +#### Example 3: Use a UserandSystem context component to run rules in both contexts If you want the **<UnconditionalExclude>** element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts. From 42c988bfa0c8f5b04308bf9fd9c8279249dfab18 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:09:15 -0700 Subject: [PATCH 047/108] Update microsoft-compatible-security-key.md Line 30: an user > a user --- .../hello-for-business/microsoft-compatible-security-key.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 01125209e2..a446e2b52f 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -27,6 +27,6 @@ A security key **MUST** implement the following features and extensions from the | #
| Feature / Extension trust
| Why is this required?
| | --- | --- | --- | | 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | -| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have an user interface| +| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have a user interface| | 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | | 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like Microsoft Account (MSA) and Azure Active Directory (AAD) | From af46d62bad7d6ad58e99088b09378eb3dba9b439 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:13:42 -0700 Subject: [PATCH 048/108] Update hello-hybrid-key-whfb-settings-pki.md Line 88: an enterprise > enterprise --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 899024b5f2..7d80a9ac21 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -85,7 +85,7 @@ The certificate template is configured to supersede all the certificate template The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. -Sign-in to the certificate authority or management workstations with an _enterprise administrator_ equivalent credentials. +Sign-in to the certificate authority or management workstations with _enterprise administrator_ equivalent credentials. 1. Open the **Certificate Authority** management console. 2. Expand the parent node from the navigation pane. From 9e3c0b190b6d250fe326731a39d3a1b40a9a5621 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:24:32 -0700 Subject: [PATCH 049/108] Update hello-hybrid-key-whfb-settings-policy.md Line 31: needs > need Line 127: Some organizations may want not want slow sign-in > Some organizations may not want slow sign-in Line 133: Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. > Windows doesn't provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition but disallowing fingerprint recognition. Line 154: Business . > Business. --- .../hello-hybrid-key-whfb-settings-policy.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index c014de2fb4..6d891a5b53 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -28,7 +28,7 @@ Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 C Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. -Hybrid Azure AD-joined devices needs one Group Policy setting: +Hybrid Azure AD-joined devices need one Group Policy setting: * Enable Windows Hello for Business ### Configure Domain Controllers for Automatic Certificate Enrollment @@ -124,13 +124,13 @@ The default configuration for Windows Hello for Business is to prefer hardware p You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. -Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. +Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. #### Use biometrics Windows Hello for Business provides a great user experience when combined with the use of biometrics. Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security. -The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. +The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows doesn't provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition but disallowing fingerprint recognition. ### PIN Complexity @@ -151,7 +151,7 @@ Windows provides eight PIN Complexity Group Policy settings that give you granul ## Add users to the Windows Hello for Business Users group -Users must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business . You can provide users with these settings and permissions by adding the users or groups to the **Windows Hello for Business Users** group. Users and groups who are not members of this group will not attempt to enroll for Windows Hello for Business. +Users must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business. You can provide users with these settings and permissions by adding the users or groups to the **Windows Hello for Business Users** group. Users and groups who are not members of this group will not attempt to enroll for Windows Hello for Business. ### Section Review > [!div class="checklist"] @@ -175,4 +175,4 @@ Users must receive the Windows Hello for Business group policy settings and have 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) 6. Configure Windows Hello for Business policy settings (*You are here*) -7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) \ No newline at end of file +7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) From 9e560280efcbc5a16bbe732633a5d82e30364023 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:33:06 -0700 Subject: [PATCH 050/108] Update hello-key-trust-adfs.md Line 32: an external networking peripherals > external networking peripherals Line 118: or GMSA > or GMSA, Line 130: must use create > must use or create Delete double-spaces following periods. --- .../hello-key-trust-adfs.md | 94 +++++++++---------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 7bcdb76263..b9d46ebca9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -19,19 +19,19 @@ ms.technology: itpro-security --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust -Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration. +Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration. The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts. If your environment exceeds either of these factors or needs to provide SAML artifact resolution, token replay detection, or needs Active Directory Federation Services to operate in a federated provider role, then your deployment needs to use a SQL for your configuration database. To deploy the Active Directory Federation Services using SQL as its configuration database, please review the [Deploying a Federation Server Farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) checklist. -If your environment has an existing instance of Active Directory Federation Services, then you’ll need to upgrade all nodes in the farm to Windows Server 2016 along with the Windows Server 2016 update. If your environment uses Windows Internal Database (WID) for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 using a WID database](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) to upgrade your environment. If your environment uses SQL for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 with SQL Server](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016-sql) to upgrade your environment. +If your environment has an existing instance of Active Directory Federation Services, then you’ll need to upgrade all nodes in the farm to Windows Server 2016 along with the Windows Server 2016 update. If your environment uses Windows Internal Database (WID) for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 using a WID database](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) to upgrade your environment. If your environment uses SQL for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 with SQL Server](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016-sql) to upgrade your environment. Ensure you apply the Windows Server 2016 Update to all nodes in the farm after you have successfully completed the upgrade. -A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with an external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. +A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. -Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. +Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. ## Update Windows Server 2016 @@ -44,19 +44,19 @@ Sign-in the federation server with _local admin_ equivalent credentials. ## Enroll for a TLS Server Authentication Certificate -Key trust Windows Hello for Business on-premises deployments need a federation server for device registration and key registration. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. +Key trust Windows Hello for Business on-premises deployments need a federation server for device registration and key registration. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. -The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority. The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm: +The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority. The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm: * Subject Name: The internal FQDN of the federation server (the name of the computer running AD FS) * Subject Alternate Name: Your federation service name, such as *fs.corp.contoso.com* (or an appropriate wildcard entry such as *.corp.contoso.com) -You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**. The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com. +You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**. The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com. -You can, however, issue one certificate for all hosts in the farm. If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. +You can, however, issue one certificate for all hosts in the farm. If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. When creating a wildcard certificate, it is recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. -Be sure to enroll or import the certificate into the AD FS server’s computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. +Be sure to enroll or import the certificate into the AD FS server’s computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. ### Internal Server Authentication Certificate Enrollment @@ -69,7 +69,7 @@ Sign-in the federation server with domain administrator equivalent credentials. 6. On the **Request Certificates** page, Select the **Internal Web Server** check box. 7. Click the **More information is required to enroll for this certificate. Click here to configure settings** link ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link.](images/hello-internal-web-server-cert.png) -8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Click **OK** when finished. +8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Click **OK** when finished. 9. Click **Enroll**. A server authentication certificate should appear in the computer’s Personal certificate store. @@ -81,17 +81,17 @@ The Active Directory Federation Service (AD FS) role provides the following serv * Key registration >[!IMPORTANT] -> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. +> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. -Windows Hello for Business depends on proper device registration. For on-premises key trust deployments, Windows Server 2016 AD FS handles device and key registration. +Windows Hello for Business depends on proper device registration. For on-premises key trust deployments, Windows Server 2016 AD FS handles device and key registration. Sign-in the federation server with _Enterprise Admin_ equivalent credentials. -1. Start **Server Manager**. Click **Local Server** in the navigation pane. +1. Start **Server Manager**. Click **Local Server** in the navigation pane. 2. Click **Manage** and then click **Add Roles and Features**. 3. Click **Next** on the **Before you begin** page. 4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. -6. On the **Select server roles** page, select **Active Directory Federation Services**. Click **Next**. +5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. +6. On the **Select server roles** page, select **Active Directory Federation Services**. Click **Next**. 7. Click **Next** on the **Select features** page. 8. Click **Next** on the **Active Directory Federation Service** page. 9. Click **Install** to start the role installation. @@ -108,16 +108,16 @@ Before you continue with the deployment, validate your deployment progress by re ## Device Registration Service Account Prerequisite -The service account used for the device registration server depends on the domain controllers in the environment. +The service account used for the device registration server depends on the domain controllers in the environment. >[!NOTE] ->Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +>Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. ### Windows Server 2012 or later Domain Controllers -Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. AD FS supports GMSA and should be configured using them for additional defense in depth security. +Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA, have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. AD FS supports GMSA and should be configured using them for additional defense in depth security. -GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. +GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. #### Create KDS Root Key @@ -127,14 +127,14 @@ Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. ### Windows Server 2008 or 2008 R2 Domain Controllers -Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use create a normal user account as a service account where you are responsible for changing the password on a regular basis. +Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use or create a normal user account as a service account where you are responsible for changing the password on a regular basis. #### Create an AD FS Service Account Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. 1. Open **Active Directory Users and Computers**. 2. Right-click the **Users** container, Click **New**. Click **User**. -3. In the **New Object – User** window, type **adfssvc** in the **Full name** text box. Type **adfssvc** in the **User logon name** text box. Click **Next**. +3. In the **New Object – User** window, type **adfssvc** in the **Full name** text box. Type **adfssvc** in the **User logon name** text box. Click **Next**. 4. Enter and confirm a password for the **adfssvc** user. Clear the **User must change password at next logon** check box. 5. Click **Next** and then click **Finish**. @@ -145,19 +145,19 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva ### Windows Server 2016, 2012 R2 or later Domain Controllers -Use the following procedures to configure AD FS when your environment uses **Windows Server 2012 or later Domain Controllers**. If you are not using Windows Server 2012 or later Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2008 or 2008R2 Domain Controllers)](#windows-server-2008-or-2008-r2-domain-controllers) section. +Use the following procedures to configure AD FS when your environment uses **Windows Server 2012 or later Domain Controllers**. If you are not using Windows Server 2012 or later Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2008 or 2008R2 Domain Controllers)](#windows-server-2008-or-2008-r2-domain-controllers) section. Sign-in the federation server with _Domain Admin_ equivalent credentials. These procedures assume you are configuring the first federation server in a federation server farm. 1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. +2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. ![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) 3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. 4. Click **Next** on the **Connect to Active Directory Domain Services** page. -5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *fs.corp.contoso.com* or *fs.contoso.com*. +5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *fs.corp.contoso.com* or *fs.contoso.com*. 6. Select the federation service name from the **Federation Service Name** list. -7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. In the **Account Name** box, type **adfssvc**. +7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. +8. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. In the **Account Name** box, type **adfssvc**. 9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. 10. On the **Review Options** page, click **Next**. 11. On the **Pre-requisite Checks** page, click **Configure**. @@ -165,11 +165,11 @@ Sign-in the federation server with _Domain Admin_ equivalent credentials. These ### Windows Server 2008 or 2008 R2 Domain Controllers -Use the following procedures to configure AD FS when your environment uses **Windows Server 2008 or 2008 R2 Domain Controllers**. If you are not using Windows Server 2008 or 2008 R2 Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2012 or later Domain Controllers)](#windows-server-2012-or-later-domain-controllers) section. +Use the following procedures to configure AD FS when your environment uses **Windows Server 2008 or 2008 R2 Domain Controllers**. If you are not using Windows Server 2008 or 2008 R2 Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2012 or later Domain Controllers)](#windows-server-2012-or-later-domain-controllers) section. -Sign-in the federation server with _Domain Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. +Sign-in the federation server with _Domain Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. 1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. +2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. ![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) 3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. @@ -177,7 +177,7 @@ Sign-in the federation server with _Domain Admin_ equivalent credentials. These 5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as fs.corp.mstepdemo.net or fs.mstepdemo.net. 6. Select the federation service name from the **Federation Service Name** list. 7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, Select **Use an existing domain user account or group Managed Service Account** and click **Select**. +8. On the **Specify Service Account** page, Select **Use an existing domain user account or group Managed Service Account** and click **Select**. * In the **Select User or Service Account** dialog box, type the name of the previously created AD FS service account (example adfssvc) and click **OK**. Type the password for the AD FS service account and click **Next**. 9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. 10. On the **Review Options** page, click **Next**. @@ -195,7 +195,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 2. Click the **Users** container in the navigation pane. 3. Right-click **KeyAdmins** in the details pane and click **Properties**. 4. Click the **Members** tab and click **Add…** -5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. +5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. 7. Change to server hosting the AD FS role and restart it. @@ -232,11 +232,11 @@ Before you continue with the deployment, validate your deployment progress by re ## Additional Federation Servers -Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. +Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. ### Server Authentication Certificate -Each server you add to the AD FS farm must have a proper server authentication certificate. Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate. As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities. +Each server you add to the AD FS farm must have a proper server authentication certificate. Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate. As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities. ### Install Additional Servers @@ -244,16 +244,16 @@ Adding federation servers to the existing AD FS farm begins with ensuring the se ## Load Balance AD FS Federation Servers -Many environments load balance using hardware devices. Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm. Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced. +Many environments load balance using hardware devices. Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm. Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced. ### Install Network Load Balancing Feature on AD FS Servers Sign-in the federation server with _Enterprise Admin_ equivalent credentials. -1. Start **Server Manager**. Click **Local Server** in the navigation pane. +1. Start **Server Manager**. Click **Local Server** in the navigation pane. 2. Click **Manage** and then click **Add Roles and Features**. 3. Click **Next** On the **Before you begin** page. 4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. +5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. 6. On the **Select server roles** page, click **Next**. 7. Select **Network Load Balancing** on the **Select features** page. 8. Click **Install** to start the feature installation @@ -261,33 +261,33 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. ### Configure Network Load Balancing for AD FS -Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster. Once you have created the cluster, then you can add new nodes to that cluster. +Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster. Once you have created the cluster, then you can add new nodes to that cluster. Sign-in a node of the federation farm with _Admin_ equivalent credentials. -1. Open **Network Load Balancing Manager** from **Administrative Tools**. +1. Open **Network Load Balancing Manager** from **Administrative Tools**. ![NLB Manager user interface.](images/hello-nlb-manager.png) 2. Right-click **Network Load Balancing Clusters**, and then click **New Cluster**. -3. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then click **Connect**. +3. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then click **Connect**. ![NLB Manager - Connect to new Cluster screen.](images/hello-nlb-connect.png) 4. Select the interface that you want to use with the cluster, and then click **Next**. (The interface hosts the virtual IP address and receives the client traffic to load balance.) 5. In **Host Parameters**, select a value in **Priority (Unique host identifier)**. This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. Click **Next**. -6. In **Cluster IP Addresses**, click **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Click **Next**. +6. In **Cluster IP Addresses**, click **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Click **Next**. ![NLB Manager - Add IP to New Cluster screen.](images/hello-nlb-add-ip.png) -7. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster. +7. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster. ![NLB Manager - Cluster IP Configuration screen.](images/hello-nlb-cluster-ip-config.png) 8. In **Cluster operation mode**, click **Unicast** to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. We recommend that you accept the unicast default settings. Click **Next**. -9. In Port Rules, click Edit to modify the default port rules to use port 443. +9. In Port Rules, click Edit to modify the default port rules to use port 443. ![NLB Manager - Add\Edit Port Rule screen.](images/hello-nlb-cluster-port-rule.png) ### Additional AD FS Servers 1. To add more hosts to the cluster, right-click the new cluster, and then click **Add Host to Cluster**. -2. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same. +2. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same. ![NLB Manager - Cluster with nodes.](images/hello-nlb-cluster.png) ## Configure DNS for Device Registration -Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials. You’ll need the Federation service name to complete this task. You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. +Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials. You’ll need the Federation service name to complete this task. You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. 1. Open the **DNS Management** console. 2. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones**. 3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. @@ -303,7 +303,7 @@ Sign-in the domain controller or administrative workstation with domain administ ## Configure the Intranet Zone to include the federation service -The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. +The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. ### Create an Intranet Zone Group Policy @@ -316,7 +316,7 @@ Sign-in the domain controller or administrative workstation with _Domain Admin_ 6. In the navigation pane, expand **Policies** under **Computer Configuration**. 7. Expand **Administrative Templates > Windows Component > Internet Explorer > Internet Control Panel**, and select **Security Page**. 8. In the content pane, double-click **Site to Zone Assignment List**. Click **Enable**. -9. Click **Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Click OK twice, then close the Group Policy Management Editor. +9. Click **Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Click OK twice, then close the Group Policy Management Editor. ### Deploy the Intranet Zone Group Policy object @@ -343,4 +343,4 @@ Before you continue with the deployment, validate your deployment progress by re 2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md) 3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) \ No newline at end of file +5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) From 8e1e553939d5ea51c339a412909f04d2dcd7bd06 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:41:24 -0700 Subject: [PATCH 051/108] Update hello-key-trust-policy-settings.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/4f9ea3c2-df61-4414-9724-83d6732366f4#CORRECTNESS Line 80: Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. > Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. Line 86: Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. > Currently, Windows does not provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition, but disallowing fingerprint recognition. --- .../hello-for-business/hello-key-trust-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index f53e797115..090e46cd72 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -77,13 +77,13 @@ The default configuration for Windows Hello for Business is to prefer hardware p You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. -Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. +Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. ### Use biometrics Windows Hello for Business provides a great user experience when combined with the use of biometrics. Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security. -The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. +The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition, but disallowing fingerprint recognition. ### PIN Complexity From cc27ba6fabe45381b59c63516a660b75c3bfc292 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:51:00 -0700 Subject: [PATCH 052/108] Update hello-key-trust-validate-pki.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/54432279-52a6-466b-8108-fb9a24bb97cf#CORRECTNESS Line 26: enterprise have > enterprises have Lines 87 and 160: Sign-in to the certificate authority or management workstations with an Enterprise Admin equivalent credentials. > Sign in to the certificate authority or management workstations with **Enterprise** --- .../hello-key-trust-validate-pki.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 97af709387..5a4c114b16 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -19,17 +19,17 @@ ms.technology: itpro-security --- # Validate and Configure Public Key Infrastructure - Key Trust -Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. +Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. ## Deploy an enterprise certificate authority -This guide assumes most enterprise have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. +This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. ### Lab-based public key infrastructure The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. -Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. +Sign in using **Enterprise Admin** equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. >[!NOTE] >Never install a certificate authority on a domain controller in a production environment. @@ -57,7 +57,7 @@ Domain controllers automatically request a domain controller certificate (if pub By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the Kerberos Authentication certificate template as a baseline to create an updated domain controller certificate template. -Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. +Sign in to a certificate authority or management workstations with **Domain Admin** equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -65,7 +65,7 @@ Sign-in to a certificate authority or management workstations with _Domain Admin 3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. +4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. 5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise’s needs. @@ -84,7 +84,7 @@ Many domain controllers may have an existing domain controller certificate. The The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers and should be the one you deploy to all your domain controllers (2008 or later). The autoenrollment feature in Windows enables you to effortlessly replace these domain controller certificates. You can use the following configuration to replace older domain controller certificates with a new certificate using the Kerberos Authentication certificate template. -Sign-in to a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. +Sign in to a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -110,7 +110,7 @@ The certificate template is configured to supersede all the certificate template Windows clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. -Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. +Sign in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -141,7 +141,7 @@ The certificate authority only issues certificates based on published certificat The newly created domain controller authentication certificate template supersedes previous domain controller certificate templates. Therefore, you need to unpublish these certificate templates from all issuing certificate authorities. -Sign-in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials. +Sign in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -157,7 +157,7 @@ Sign-in to the certificate authority or management workstation with _Enterprise The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. -Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials. +Sign in to the certificate authority or management workstations with **Enterprise Admin** equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -205,7 +205,7 @@ Domain controllers automatically request a certificate from the domain controlle ### Deploy the Domain Controller Auto Certificate Enrollment Group Policy Object -Sign-in to a domain controller or management workstations with _Domain Admin_ equivalent credentials. +Sign in to domain controller or management workstations with _Domain Admin_ equivalent credentials. 1. Start the **Group Policy Management Console** (gpmc.msc). From fb58cc60d690bda5b29a76ba57d2e2e02a673c33 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:53:00 -0700 Subject: [PATCH 053/108] Update hello-why-pin-is-better-than-password.md Line 3: online password . > online password. --- .../hello-for-business/hello-why-pin-is-better-than-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index b6e68de3cc..68cc9b2ecd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -1,6 +1,6 @@ --- title: Why a PIN is better than an online password (Windows) -description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password . +description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password. ms.prod: windows-client author: paolomatarazzo ms.author: paoloma From 1513244cb2913b69a31eceb63b4462f7647926b1 Mon Sep 17 00:00:00 2001 From: Dan Pandre <54847950+DanPandre@users.noreply.github.com> Date: Mon, 7 Nov 2022 21:45:26 -0500 Subject: [PATCH 054/108] Fix version support errors --- windows/client-management/mdm/networkqospolicy-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index f4af5800f6..70a952ccd4 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -40,7 +40,7 @@ The following actions are supported: > - Azure AD Hybrid joined devices. > - Devices that use both GPO and CSP at the same time. > -> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Windows 10, version 2004. +> The minimum operating system requirement for this CSP is Windows 10, version 1703. This CSP is not supported in Microsoft Surface Hub prior to Windows 10, version 1703. The following example shows the NetworkQoSPolicy configuration service provider in tree format. ``` From e670f68ec81489ec521bb3b7894984f7e55fa4d1 Mon Sep 17 00:00:00 2001 From: Dan Pandre <54847950+DanPandre@users.noreply.github.com> Date: Mon, 7 Nov 2022 21:47:33 -0500 Subject: [PATCH 055/108] Fix typo --- windows/configuration/wcd/wcd-networkqospolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 84d67d3ede..50a9d20da9 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -21,7 +21,7 @@ Use to create network Quality of Service (QoS) policies. A QoS policy performs a | --- | :---: | :---: | :---: | :---: | | All settings | | ✔️ | | | -1. In **Available customizations**, select **NetworkQ0SPolicy**, enter a friendly name for the account, and then click **Add**. +1. In **Available customizations**, select **NetworkQoSPolicy**, enter a friendly name for the account, and then click **Add**. 2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. | Setting | Description | From 4e5db7c46371774ddd85ee909e840f6391eeacab Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:44:56 +0300 Subject: [PATCH 056/108] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 3a044684d8..7203802fbf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -72,7 +72,7 @@ sections: - question: How to delete Windows Hello for Business container on a device? answer: | - You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account. Reboot is required. + You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account, and then restarting the device. - question: How does Windows Hello for Business work with Azure AD registered devices? answer: | From 2f78d0113e7bba510fd4c1d0b87af39327261530 Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:45:02 +0300 Subject: [PATCH 057/108] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 7203802fbf..4e3090ec6c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -66,7 +66,7 @@ sections: - question: What's a container? answer: | - In the context of Windows Hello for Business it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. + In the context of Windows Hello for Business, it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) From 89a4d90325092f0def9b023569a6dc80daf80286 Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:45:13 +0300 Subject: [PATCH 058/108] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 4e3090ec6c..01e86a2060 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -70,7 +70,7 @@ sections: It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) - - question: How to delete Windows Hello for Business container on a device? + - question: How do I delete a Windows Hello for Business container on a device? answer: | You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account, and then restarting the device. From 285909f0b4356568221741fc34324835e7c3e4da Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:46:11 +0300 Subject: [PATCH 059/108] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 01e86a2060..2838d6030d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -67,7 +67,7 @@ sections: - question: What's a container? answer: | In the context of Windows Hello for Business, it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. - It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. + It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials of Windows Hello stores are protected without the creation of actual containers or folders. The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) - question: How do I delete a Windows Hello for Business container on a device? From 832c6337ef2fc20d8e1803a86af08f81648d26d4 Mon Sep 17 00:00:00 2001 From: Nick White <104782157+nicholasswhite@users.noreply.github.com> Date: Tue, 8 Nov 2022 07:50:37 -0500 Subject: [PATCH 060/108] Remove unsupported windows per 6749521 --- .../provisioned-apps-windows-client-os.md | 264 +++++++++--------- 1 file changed, 132 insertions(+), 132 deletions(-) diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md index c695094f62..515bf87aeb 100644 --- a/windows/application-management/provisioned-apps-windows-client-os.md +++ b/windows/application-management/provisioned-apps-windows-client-os.md @@ -45,9 +45,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809| - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | | | | | | + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ || --- @@ -55,9 +55,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- @@ -65,9 +65,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | Use Settings App | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | Use Settings App | ✔️ | ✔️ | ✔️| --- @@ -75,9 +75,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + |---| --- | --- | --- | + | ❌ | ✔️| ✔️| ✔️| --- @@ -85,9 +85,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️| --- @@ -95,9 +95,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️| ✔️| ✔️| --- @@ -107,9 +107,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️||||||| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️||| --- @@ -117,9 +117,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -127,9 +127,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -137,9 +137,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- @@ -147,9 +147,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- @@ -157,9 +157,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -167,9 +167,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -177,9 +177,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -187,9 +187,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- @@ -197,9 +197,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -207,9 +207,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - |️ | ✔️ | ✔️ | ✔️|️ | ✔️|️️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | | ✔️ | ✔️ | ✔️| --- @@ -217,9 +217,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -227,9 +227,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -237,9 +237,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -247,9 +247,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -257,9 +257,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -267,9 +267,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -277,9 +277,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -287,9 +287,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -297,9 +297,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -307,9 +307,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -317,9 +317,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -327,9 +327,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -337,9 +337,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -347,9 +347,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -357,9 +357,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -367,9 +367,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -377,9 +377,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -387,9 +387,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -399,9 +399,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -409,9 +409,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -419,9 +419,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -429,9 +429,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -439,9 +439,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -449,9 +449,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -459,9 +459,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -469,9 +469,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -479,8 +479,8 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- From 84ac8199e340800e23e679759e8d113fc011b81f Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 20:02:04 +0530 Subject: [PATCH 061/108] Update windows-10-deployment-scenarios.md windows 10 subscription activation is Dynamic deployment reference - https://learn.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios?source=docs#dynamic Per issue#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10823 --- windows/deployment/windows-10-deployment-scenarios.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 3d06ff84bb..4627e3d824 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -108,7 +108,7 @@ The goal of dynamic provisioning is to take a new PC out of the box, turn it on, ### Windows 10 Subscription Activation -Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation). +Windows 10 Subscription Activation is a dynamic deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation). ### Azure Active Directory (Azure AD) join with automatic mobile device management (MDM) enrollment @@ -191,4 +191,4 @@ The deployment process for the replace scenario is as follows: - [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) - [Windows setup technical reference](/windows-hardware/manufacture/desktop/windows-setup-technical-reference) - [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) -- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi) \ No newline at end of file +- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi) From d1410c4968a9ac1275a91ba07a6ae57004a1553c Mon Sep 17 00:00:00 2001 From: rlianmsft <112862018+rlianmsft@users.noreply.github.com> Date: Tue, 8 Nov 2022 14:51:48 +0000 Subject: [PATCH 062/108] Update windows-autopatch-prerequisites.md Minor correction Window to Windows --- .../prepare/windows-autopatch-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 5008b76d7a..fa58f8fac2 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -29,7 +29,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl ## More about licenses -Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch: +Windows Autopatch is included with Windows 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch: | License | ID | GUID number | | ----- | ----- | ------| From 4f66c84e70e39ca6fbe3b85090f766f51ba19556 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:08:09 -0500 Subject: [PATCH 063/108] fix docfx client management --- windows/client-management/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index 21740e86df..8c038b6c43 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -36,7 +36,7 @@ "recommendations": true, "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-manage", "audience": "ITPro", "ms.topic": "article", "manager": "dansimp", From 99384145010d47665528eaca0e804dc48c3b90fc Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 8 Nov 2022 10:49:38 -0500 Subject: [PATCH 064/108] fix docfx --- windows/application-management/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 0c2d4413bb..4cd7b0588c 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -36,7 +36,7 @@ "recommendations": true, "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-apps", "ms.topic": "article", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", From 095b83565bfd1a0b5b7b9fd170355294b75369f5 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 8 Nov 2022 10:54:58 -0500 Subject: [PATCH 065/108] update docfx2 --- windows/configuration/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index 346cc5e640..315f3afa7f 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -36,7 +36,7 @@ "recommendations": true, "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-configure", "ms.topic": "article", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", From 85b2e45c9db437d69935dfc9fb3291a81c965b5e Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:00:53 -0500 Subject: [PATCH 066/108] update docfx3 hub --- windows/hub/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json index 508d741a9b..f1b885b970 100644 --- a/windows/hub/docfx.json +++ b/windows/hub/docfx.json @@ -37,7 +37,7 @@ "audience": "ITPro", "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-fundamentals", "ms.topic": "article", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", From b707d6a57a1587103adeeb3933da67b2425a460c Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Tue, 8 Nov 2022 10:21:16 -0600 Subject: [PATCH 067/108] Update windows/client-management/mdm/policy-csp-mixedreality.md --- windows/client-management/mdm/policy-csp-mixedreality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 68499ad67c..74e91637ff 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -340,7 +340,7 @@ Supported value is Integer. -You may want to configure a different time server for your device fleet. IT admins can use thi policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. +You may want to configure a different time server for your device fleet. IT admins can use this policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters. From 8aa5ed48406e1110b12137ec6c9926173b2f42e0 Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Tue, 8 Nov 2022 10:23:15 -0600 Subject: [PATCH 068/108] Update policy-csp-mixedreality.md --- windows/client-management/mdm/policy-csp-mixedreality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 74e91637ff..7f72869d59 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -159,7 +159,7 @@ Int value
-This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-fi. +This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-Fi. By default, launching applications via Launcher API (Launcher Class (Windows.System) - Windows UWP applications) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true. From 6d17e6d40f377943c129cd8cee568002f3047900 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 8 Nov 2022 10:07:22 -0700 Subject: [PATCH 069/108] Update initialize-and-configure-ownership-of-the-tpm.md Line 81: sign in > sign-in Various lines: cannot > can't / is not > isn't / did not > didn't / do not > don't / has not > hasn't / it is > it's / you are > you're (Increase Acro score.) https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/c4387421-c29f-4770-9241-eb86d60805ed#CORRECTNESS --- ...lize-and-configure-ownership-of-the-tpm.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index 77acd1c9f9..907c31420d 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -39,35 +39,35 @@ Starting with Windows 10 and Windows 11, the operating system automatically init ## Troubleshoot TPM initialization -If you find that Windows is not able to initialize the TPM automatically, review the following information: +If you find that Windows isn't able to initialize the TPM automatically, review the following information: - You can try clearing the TPM to the factory default values and allowing Windows to re-initialize it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. -- If the TPM is a TPM 2.0 and is not detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM has not been disabled or hidden from the operating system. +- If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system. -- If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it is turned back on, Windows will re-initialize it. +- If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it's turned back on, Windows will re-initialize it. -- If you are attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM is not present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM. +- If you're attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM isn't present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM. ### Troubleshoot network connection issues for Windows 10, versions 1507 and 1511, or Windows 11 -If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM cannot complete when your computer has network connection issues and both of the following conditions exist: +If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM can't complete when your computer has network connection issues and both of the following conditions exist: - An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through Group Policy. -- A domain controller cannot be reached. This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter). +- A domain controller can't be reached. This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter). -If these issues occur, an error message appears, and you cannot complete the initialization process. To avoid this issue, allow Windows to initialize the TPM while you are connected to the corporate network and you can contact a domain controller. +If these issues occur, an error message appears, and you can't complete the initialization process. To avoid this issue, allow Windows to initialize the TPM while you're connected to the corporate network and you can contact a domain controller. ### Troubleshoot systems with multiple TPMs Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows does not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. -For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection is not changed. +For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection isn't changed. ## Clear all the keys from the TPM -You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM is not cleared before a new operating system is installed, most TPM functionality will probably work correctly. +You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM isn't cleared before a new operating system is installed, most TPM functionality will probably work correctly. Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows operating system will automatically re-initialize it and take ownership again. @@ -78,13 +78,13 @@ Clearing the TPM resets it to an unowned state. After you clear the TPM, the Win Clearing the TPM can result in data loss. To protect against such loss, review the following precautions: -- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. +- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. -- Do not clear the TPM on a device you do not own, such as a work or school PC, without being instructed to do so by your IT administrator. +- Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator. - If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm), later in this article. -- Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Do not clear the TPM directly from UEFI. +- Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Don't clear the TPM directly from UEFI. - Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website. @@ -108,7 +108,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ ## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 and higher) -Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. +Normally, the TPM is turned on as part of the TPM initialization process. You don't normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. ### Turn on the TPM @@ -122,7 +122,7 @@ If you want to use the TPM after you have turned it off, you can use the followi 3. Select **Shutdown** (or **Restart**), and then follow the UEFI screen prompts. - After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software is not attempting to make changes to the TPM. + After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software isn't attempting to make changes to the TPM. ### Turn off the TPM @@ -138,9 +138,9 @@ If you want to stop using the services that are provided by the TPM, you can use - If you saved your TPM owner password on a removable storage device, insert it, and then select **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, select **Browse** to locate the .tpm file that is saved on your removable storage device, select **Open**, and then select **Turn TPM Off**. - - If you do not have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. + - If you don't have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. - - If you did not save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. + - If you didn't save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. ## Use the TPM cmdlets From f816120cea207134f430a4515e0106ac82ae1940 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 8 Nov 2022 10:21:45 -0700 Subject: [PATCH 070/108] Update bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/a34823dc-8754-4b0c-9d94-b0ea7587db89#CORRECTNESS Increase Acro score. Various lines: do not > don't / cannot > can't / is not > isn't / you will > you'll / it is > it's / are not > aren't / does not > doesn't / they are > they're --- ...ve-encryption-tools-to-manage-bitlocker.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 8dd862bb76..a78f47ee01 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -30,7 +30,7 @@ BitLocker Drive Encryption Tools include the command-line tools manage-bde and r Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios. -Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive cannot be unlocked normally or using the recovery console. +Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive can't be unlocked normally or using the recovery console. 1. [Manage-bde](#bkmk-managebde) 2. [Repair-bde](#bkmk-repairbde) @@ -74,20 +74,20 @@ manage-bde -protectors -add C: -pw -sid This command will require you to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, you can then turn on BitLocker. -On computers with a TPM, it is possible to encrypt the operating system volume without any defined protectors using manage-bde. Use this command: +On computers with a TPM, it's possible to encrypt the operating system volume without any defined protectors using manage-bde. Use this command: ```powershell manage-bde -on C: ``` -This command encrypts the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command: +This command encrypts the drive using the TPM as the default protector. If you aren't sure if a TPM protector is available, to list the protectors available for a volume, run the following command: ```powershell manage-bde -protectors -get ``` ### Using manage-bde with data volumes -Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. We recommend that you add at least one primary protector and a recovery protector to a data volume. +Data volumes use the same syntax for encryption as operating system volumes but they don't require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. We recommend that you add at least one primary protector and a recovery protector to a data volume. A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn on BitLocker. @@ -103,20 +103,20 @@ You may experience a problem that damages an area of a hard disk on which BitLoc The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive has become corrupt, you must be able to supply a backup key package in addition to the recovery password or recovery key. This key package is backed up in Active Directory Domain Services (AD DS) if you used the default setting for AD DS backup. With this key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive if the disk is corrupted. Each key package will work only for a drive that has the corresponding drive identifier. You can use the BitLocker Recovery Password Viewer to obtain this key package from AD DS. > [!TIP] -> If you are not backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume. +> If you aren't backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume. -The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. Use Repair-bde if the following conditions are true: +The Repair-bde command-line tool is intended for use when the operating system doesn't start or when you can't start the BitLocker Recovery Console. Use Repair-bde if the following conditions are true: - You have encrypted the drive by using BitLocker Drive Encryption. -- Windows does not start, or you cannot start the BitLocker recovery console. -- You do not have a copy of the data that is contained on the encrypted drive. +- Windows doesn't start, or you can't start the BitLocker recovery console. +- You don't have a copy of the data that is contained on the encrypted drive. > [!NOTE] > Damage to the drive may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the drive before you use the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers. The following limitations exist for Repair-bde: -- The Repair-bde command-line tool cannot repair a drive that failed during the encryption or decryption process. +- The Repair-bde command-line tool can't repair a drive that failed during the encryption or decryption process. - The Repair-bde command-line tool assumes that if the drive has any encryption, then the drive has been fully encrypted. For more information about using repair-bde, see [Repair-bde](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829851(v=ws.11)). @@ -140,14 +140,14 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work |**Suspend-BitLocker**|
  • Confirm
  • MountPoint
  • RebootCount
  • WhatIf| |**Unlock-BitLocker**|
  • AdAccountOrGroup
  • Confirm
  • MountPoint
  • Password
  • RecoveryKeyPath
  • RecoveryPassword
  • RecoveryPassword
  • WhatIf| -Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. +Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they're encrypting prior to running Windows PowerShell cmdlets. A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLockerVolume cmdlet. The Get-BitLockerVolume cmdlet output gives information on the volume type, protectors, protection status, and other details. > [!TIP] -> Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors. +> Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you don't see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors. `Get-BitLockerVolume C: | fl` If you want to remove the existing protectors prior to provisioning BitLocker on the volume, you could use the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. @@ -199,7 +199,7 @@ Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw ### Using an AD Account or Group protector in Windows PowerShell -The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and be unlocked by any member computer of the cluster. +The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it doesn't unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and be unlocked by any member computer of the cluster. > [!WARNING] > The **ADAccountOrGroup** protector requires the use of an additional protector for use (such as TPM, PIN, or recovery key) when used on operating system volumes @@ -220,7 +220,7 @@ get-aduser -filter {samaccountname -eq "administrator"} ``` > [!TIP] -> In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features. +> In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This doesn't require the use of additional features. The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account: From 9dacda0af4aa1017b70097efb7aedc1f3ccf0b98 Mon Sep 17 00:00:00 2001 From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com> Date: Tue, 8 Nov 2022 20:06:42 -0800 Subject: [PATCH 071/108] Update windows-autopatch-privacy.md Updated as per Harman. --- .../windows-autopatch/references/windows-autopatch-privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index 7d0ed1720d..deb50e8a52 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -1,7 +1,7 @@ --- title: Privacy description: This article provides details about the data platform and privacy compliance for Autopatch -ms.date: 11/01/2022 +ms.date: 11/08/2022 ms.prod: w11 ms.technology: windows ms.topic: reference @@ -43,7 +43,7 @@ Processor duties of Windows Autopatch include ensuring appropriate confidentiali Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations). > [!IMPORTANT] ->
    • Existing European Union (EU) customers are moving from the North American data centers to the European data centers by the end of 2022.
    • If you're an existing Autopatch customer, but **not** part of the European Union, data migration from North America to your respective data residency will occur next year.
    • As of Oct 31, 2022, only **new** Autopatch customers (EU, UK, Africa, Middle East) will have their data live in the European data centers.
    +>
    • As of November 8, 2022, only **new** Windows Autopatch customers (EU, UK, Africa, Middle East) will have their data live in the European data centers.
    • Existing European Union (EU) Windows Autopatch customers will move from the North American data centers to the European data centers by the end of 2022.
    • If you're an existing Windows Autopatch customer, but **not** part of the European Union, data migration from North America to your respective data residency will occur next year.
    Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview). From ce71f576613c706ecacd95c78c8d530144d6394e Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 9 Nov 2022 10:48:47 -0800 Subject: [PATCH 072/108] Fixed bolding issue. --- .../windows-autopatch/references/windows-autopatch-privacy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index deb50e8a52..4850fddac3 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -43,7 +43,7 @@ Processor duties of Windows Autopatch include ensuring appropriate confidentiali Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations). > [!IMPORTANT] ->
    • As of November 8, 2022, only **new** Windows Autopatch customers (EU, UK, Africa, Middle East) will have their data live in the European data centers.
    • Existing European Union (EU) Windows Autopatch customers will move from the North American data centers to the European data centers by the end of 2022.
    • If you're an existing Windows Autopatch customer, but **not** part of the European Union, data migration from North America to your respective data residency will occur next year.
    +>
    • As of November 8, 2022, only new Windows Autopatch customers (EU, UK, Africa, Middle East) will have their data live in the European data centers.
    • Existing European Union (EU) Windows Autopatch customers will move from the North American data centers to the European data centers by the end of 2022.
    • If you're an existing Windows Autopatch customer, but not part of the European Union, data migration from North America to your respective data residency will occur next year.
    Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview). From 09021084a099c991c7197b821b84143fdf3f73db Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 9 Nov 2022 14:57:04 -0500 Subject: [PATCH 073/108] Updates to Windows firewall docs --- windows/client-management/mdm/firewall-csp.md | 2 - .../best-practices-configuring.md | 88 ++++++------------- 2 files changed, 29 insertions(+), 61 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index f048be039c..ae2d0aca3b 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -25,8 +25,6 @@ The table below shows the applicability of Windows: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. -The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. - Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively. For detailed information on some of the fields below, see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](/openspecs/windows_protocols/ms-winerrata/6521c5c4-1f76-4003-9ade-5cccfc27c8ac). diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 7ed3e77df2..eeb43f2414 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -3,6 +3,7 @@ title: Best practices for configuring Windows Defender Firewall description: Learn about best practices for configuring Windows Defender Firewall keywords: firewall, best practices, security, network security, network, rules, filters, ms.prod: windows-client +ms.date: 11/09/2022 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -17,22 +18,12 @@ ms.collection: ms.topic: article ms.technology: itpro-security appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 + - ✅ Windows 10 and later + - ✅ Windows Server 2016 and later --- # Best practices for configuring Windows Defender Firewall -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - - Windows Defender Firewall with Advanced Security provides host-based, two-way network traffic filtering and blocks unauthorized network traffic flowing into or out of the local device. Configuring your Windows Firewall based on the @@ -40,8 +31,8 @@ following best practices can help you optimize protection for devices in your network. These recommendations cover a wide range of deployments including home networks and enterprise desktop/server systems. -To open Windows Firewall, go to the **Start** menu, select **Run**, -type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](./open-windows-firewall-with-advanced-security.md). +To open Windows Firewall, go to the **Start** menu, select **Run**, +type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](./open-windows-firewall-with-advanced-security.md). ## Keep default settings @@ -51,18 +42,14 @@ When you open the Windows Defender Firewall for the first time, you can see the *Figure 1: Windows Defender Firewall* -1. **Domain profile**: Used for networks where there's a system of account authentication against a domain controller (DC), such as an Azure Active Directory DC - -2. **Private profile**: Designed for and best used - in private networks such as a home network - -3. **Public profile**: Designed with higher security in mind - for public networks like Wi-Fi hotspots, coffee shops, airports, hotels, or stores +1. **Domain profile**: Used for networks where there's a system of account authentication against an Active Directory domain controller +1. **Private profile**: Designed for and best used in private networks such as a home network +1. **Public profile**: Designed with higher security in mind for public networks, like Wi-Fi hotspots, coffee shops, airports, hotels, or stores View detailed settings for each profile by right-clicking the top-level **Windows Defender Firewall with Advanced Security** node in the left pane and then selecting **Properties**. Maintain the default settings in Windows Defender -Firewall whenever possible. These settings have been designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. +Firewall whenever possible. These settings have been designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. ![A screenshot of a cell phone Description automatically generated.](images/fw03-defaults.png) @@ -84,27 +71,20 @@ This rule-adding task can be accomplished by right-clicking either **Inbound Rul *Figure 3: Rule Creation Wizard* > [!NOTE] ->This article does not cover step-by-step rule -configuration. See the [Windows Firewall with Advanced Security Deployment -Guide](./windows-firewall-with-advanced-security-deployment-guide.md) -for general guidance on policy creation. +>This article does not cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](./windows-firewall-with-advanced-security-deployment-guide.md) for general guidance on policy creation. -In many cases, allowing specific types of inbound traffic will be required for -applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when -allowing these inbound exceptions. +In many cases, allowing specific types of inbound traffic will be required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions. -1. Explicitly defined allow rules will take precedence over the default block setting. - -2. Explicit block rules will take precedence over any conflicting allow rules. - -3. More specific rules will take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. (For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 will take precedence.) +1. Explicitly defined allow rules will take precedence over the default block setting. +1. Explicit block rules will take precedence over any conflicting allow rules. +1. More specific rules will take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. (For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 will take precedence.) Because of 1 and 2, it's important that, when designing a set of policies, you make sure that there are no other explicit block rules in place that could inadvertently overlap, thus preventing the traffic flow you wish to allow. A general security best practice when creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This approach avoids creation of multiple filters under the hood, reduces complexity, and helps to avoid performance degradation. -> [!NOTE] -> Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. +> [!NOTE] +> Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. ## Create rules for new applications before first launch @@ -123,7 +103,6 @@ In either of the scenarios above, once these rules are added they must be delete > [!NOTE] > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from third-party software should be determined by trusted app developers, the user, or the admin on behalf of the user. - ### Known issues with automatic rule creation When designing a set of firewall policies for your network, it's a best practice to configure allow rules for any networked applications deployed on the host. Having these rules in place before the user first launches the application will help ensure a seamless experience. @@ -132,11 +111,9 @@ The absence of these staged rules doesn't necessarily mean that in the end an ap To determine why some applications are blocked from communicating in the network, check for the following instances: -1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the prompt, the user cancels or dismisses the prompt. - -2. A user lacks sufficient privileges and is therefore not prompted to allow the application to make the appropriate policy changes. - -3. Local Policy Merge is disabled, preventing the application or network service from creating local rules. +1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the prompt, the user cancels or dismisses the prompt. +1. A user lacks sufficient privileges and is therefore not prompted to allow the application to make the appropriate policy changes. +1. Local Policy Merge is disabled, preventing the application or network service from creating local rules. Creation of application rules at runtime can also be prohibited by administrators using the Settings app or Group Policy. @@ -150,9 +127,9 @@ See also [Checklist: Creating Inbound Firewall Rules](./checklist-creating-inbou Firewall rules can be deployed: -1. Locally using the Firewall snap-in (**WF.msc**) -2. Locally using PowerShell -3. Remotely using Group Policy if the device is a member of an Active Directory Name, System Center Configuration Manager, or Intune (using workplace join) +1. Locally using the Firewall snap-in (**WF.msc**) +1. Locally using PowerShell +1. Remotely using Group Policy if the device is a member of an Active Directory Name, System Center Configuration Manager, or Intune (using workplace join) Rule merging settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for Domain, Private, and Public profiles. @@ -163,8 +140,7 @@ The rule-merging settings either allow or prevent local administrators from crea *Figure 5: Rule merging setting* > [!TIP] -> In the firewall [configuration service provider](/windows/client-management/mdm/firewall-csp), the -equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. +> In the firewall [configuration service provider](/windows/client-management/mdm/firewall-csp), the equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. If merging of local policies is disabled, centralized deployment of rules is required for any app that needs inbound connectivity. @@ -173,15 +149,12 @@ Management (MDM), or both (for hybrid or co-management environments). [Firewall CSP](/windows/client-management/mdm/firewall-csp) and [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) also have settings that can affect rule merging. -As a best practice, it's important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. +As a best practice, it's important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. In general, to maintain maximum security, admins should only push firewall exceptions for apps and services determined to serve legitimate purposes. - - > [!NOTE] -> The use of wildcard patterns, such as *C:\*\\teams.exe* is not -supported in application rules. We currently only support rules created using the full path to the application(s). +> The use of wildcard patterns, such as *C:\*\\teams.exe* is not supported in application rules. We currently only support rules created using the full path to the application(s). ## Know how to use "shields up" mode for active attacks @@ -208,15 +181,12 @@ Once the emergency is over, uncheck the setting to restore regular network traff What follows are a few general guidelines for configuring outbound rules. -- The default configuration of Blocked for Outbound rules can be - considered for certain highly secure environments. However, the Inbound rule configuration should never be changed in a way that Allows traffic by default. - -- It's recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, unless the enterprise prefers tight security controls over ease-of-use. - -- In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). +- The default configuration of Blocked for Outbound rules can be considered for certain highly secure environments. However, the Inbound rule configuration should never be changed in a way that Allows traffic by default +- It's recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, unless the enterprise prefers tight security controls over ease-of-use +- In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments) For tasks related to creating outbound rules, see [Checklist: Creating Outbound Firewall Rules](./checklist-creating-outbound-firewall-rules.md). ## Document your changes -When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. Rules must be well-documented for ease of review both by you and other admins. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall. +When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. Rules must be well-documented for ease of review both by you and other admins. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall. From dcab3d676de6b995ef3c5b90954982aa17178c32 Mon Sep 17 00:00:00 2001 From: vazome Date: Wed, 9 Nov 2022 22:58:53 +0200 Subject: [PATCH 074/108] Changes suggested by @paolomatarazzo --- .../identity-protection/hello-for-business/hello-faq.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 3a044684d8..34cf6b5d48 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -66,9 +66,10 @@ sections: - question: What's a container? answer: | - In the context of Windows Hello for Business it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. - It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. - The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) + In the context of Windows Hello for Business, it's shorthand for a logical grouping of key material or data. Windows Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. + The container holds enterprise credentials only on devices that have been registered with an organization; it contains key material for the enterprise IDP, such as on-premises Active Directory or Azure AD. + Note that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials of Windows Hello stores, are protected without the creation of actual containers or folders. + The container contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) - question: How to delete Windows Hello for Business container on a device? answer: | From d7788cc6e5996d91f88063c8f3a09d7cefb89eda Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Wed, 9 Nov 2022 14:06:52 -0800 Subject: [PATCH 075/108] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 1dcaf9dc8b..532654b733 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -130,6 +130,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us | Safe Exam Browser | 3.3.2.413 | Win32 | Safe Exam Browser | | Senso.Cloud | 2021.11.15.0 | Win32 | Senso.Cloud | | SuperNova Magnifier & Screen Reader | 21.02 | Win32 | Dolphin Computer Access | +| SuperNova Magnifier & Speech | 21.02 | Win32 | Dolphin Computer Access | | Zoom | 5.9.1 (2581) | Win32 | Zoom | | ZoomText Fusion | 2022.2109.10 | Win32 | Freedom Scientific | | ZoomText Magnifier/Reader | 2022.2109.25 | Win32 | Freedom Scientific | From fa8162338e372f88cf287dd459419a0bf0b2a48a Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Wed, 9 Nov 2022 15:32:18 -0700 Subject: [PATCH 076/108] Update hello-faq.yml Check lines 261-266 for oddities in table formatting. Change small thing to see if issue cited in Acrolinx goes away. https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/738aad2e-d402-42b2-bef4-4fa67b102cc4#CORRECTNESS --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index f223c32852..751ec8d3bc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -259,7 +259,7 @@ sections: Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience.

    | Protocol | Description | - | :---: | :--- | + | :--- | :--- | | [[MS-KPP]: Key Provisioning Protocol](/openspecs/windows_protocols/ms-kpp/25ff7bd8-50e3-4769-af23-bcfd0b4d4567) | Specifies the Key Provisioning Protocol, which defines a mechanism for a client to register a set of cryptographic keys on a user and device pair. | | [[MS-OAPX]: OAuth 2.0 Protocol Extensions](/openspecs/windows_protocols/ms-oapx/7612efd4-f4c8-43c3-aed6-f5c5ce359da2)| Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and log in hints. | | [[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients](/openspecs/windows_protocols/ms-oapxbc/2f7d8875-0383-4058-956d-2fb216b44706) | Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to RFC6749 (the OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients. | From dc7af19c15f782263497997982f3b4079780a57b Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Nov 2022 08:35:39 -0500 Subject: [PATCH 077/108] redirect troubleshoot --- windows/configuration/TOC.yml | 4 +- .../kiosk-additional-reference.md | 2 +- windows/configuration/kiosk-troubleshoot.md | 74 ---- .../start-layout-troubleshoot.md | 329 ------------------ 4 files changed, 3 insertions(+), 406 deletions(-) delete mode 100644 windows/configuration/kiosk-troubleshoot.md delete mode 100644 windows/configuration/start-layout-troubleshoot.md diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index ff2dba8be7..a8f693f75a 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -37,7 +37,7 @@ - name: Use mobile device management (MDM) href: customize-windows-10-start-screens-by-using-mobile-device-management.md - name: Troubleshoot Start menu errors - href: start-layout-troubleshoot.md + href: /troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors.md - name: Changes to Start policies in Windows 10 href: changes-to-start-policies-in-windows-10.md - name: Accessibility settings @@ -89,7 +89,7 @@ - name: Use MDM Bridge WMI Provider to create a Windows client kiosk href: kiosk-mdm-bridge.md - name: Troubleshoot kiosk mode issues - href: kiosk-troubleshoot.md + href: /troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting - name: Configure multi-user and guest devices items: diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 456b4c7a45..64e71445c8 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -32,5 +32,5 @@ Topic | Description [Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. -[Troubleshoot kiosk mode issues](kiosk-troubleshoot.md) | Tips for troubleshooting multi-app kiosk configuration. +[Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting.md) | Tips for troubleshooting multi-app kiosk configuration. diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md deleted file mode 100644 index 3f7f0c8659..0000000000 --- a/windows/configuration/kiosk-troubleshoot.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Troubleshoot kiosk mode issues (Windows 10/11) -description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues. -ms.reviewer: sybruckm -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.author: lizlong -ms.topic: article -ms.technology: itpro-configure ---- - -# Troubleshoot kiosk mode issues - - -**Applies to** - -- Windows 10 -- Windows 11 - -## Single-app kiosk issues - ->[!TIP] ->We recommend that you [enable logging for kiosk issues](kiosk-prepare.md#enable-logging). For some failures, events are only captured once. If you enable logging after an issue occurs with your kiosk, the logs may not capture those one-time events. In that case, prepare a new kiosk environment (such as a [virtual machine (VM)](kiosk-prepare.md#testing-your-kiosk-in-a-virtual-machine-vm)), set up your kiosk account and configuration, and try to reproduce the problem. - -### Sign-in issues - -1. Verify that User Account Control (UAC) is turned on. -2. Check the Event Viewer logs for sign-in issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**. - -### Automatic logon issues - -Check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**. - -## Multi-app kiosk issues - -> [!NOTE] -> [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)] - -### Unexpected results - -For example: -- Start is not launched in full-screen -- Blocked hotkeys are allowed -- Task Manager, Cortana, or Settings can be launched -- Start layout has more apps than expected - -**Troubleshooting steps** - -1. [Verify that the provisioning package is applied successfully](kiosk-validate.md). -2. Verify that the account (config) is mapped to a profile in the configuration XML file. -3. Verify that the configuration XML file is authored and formatted correctly. Correct any configuration errors, then create and apply a new provisioning package. Sign out and sign in again to check the new configuration. -4. Additional logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default. - -![Event Viewer, right-click Operational, select enable log.](images/enable-assigned-access-log.png) - - -### Automatic logon issues - -Check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**. - -### Apps configured in AllowedList are blocked - -1. Ensure the account is mapped to the correct profile and that the apps are specific for that profile. -2. Check the EventViewer logs for Applocker and AppxDeployment (under **Application and Services Logs\Microsoft\Windows**). - - -### Start layout not as expected - -- Make sure the Start layout is authored correctly. Ensure that the attributes **Size**, **Row**, and **Column** are specified for each application and are valid. -- Check if the apps included in the Start layout are installed for the assigned access user. -- Check if the shortcut exists on the target device, if a desktop app is missing on Start. - diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md deleted file mode 100644 index 37416c41fa..0000000000 --- a/windows/configuration/start-layout-troubleshoot.md +++ /dev/null @@ -1,329 +0,0 @@ ---- -title: Troubleshoot Start menu errors -description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance. -ms.prod: windows-client -ms.author: lizlong -author: lizgt2000 -ms.localizationpriority: medium -ms.reviewer: -manager: aaroncz -ms.topic: troubleshooting -ms.technology: itpro-configure ---- - -# Troubleshoot Start menu errors - -> [!div class="nextstepaction"] -> Try our Virtual Agent - It can help you quickly identify and fix common Start menu issues. - -Start failures can be organized into these categories: - -- **Deployment/Install issues** - Easiest to identify but difficult to recover. This failure is consistent and usually permanent. Reset, restore from backup, or rollback to recover. -- **Performance issues** - More common with older hardware, low-powered machines. Symptoms include: High CPU utilization, disk contention, memory resources. This makes Start very slow to respond. Behavior is intermittent depending on available resources. -- **Crashes** - Also easy to identify. Crashes in Shell Experience Host or related can be found in System or Application event logs. This can be a code defect or related to missing or altered permissions to files or registry keys by a program or incorrect security tightening configurations. Determining permissions issues can be time consuming but a [SysInternals tool called Procmon](/sysinternals/downloads/procmon) will show **Access Denied**. The other option is to get a dump of the process when it crashes and depending on comfort level, review the dump in the debugger, or have support review the data. -- **Hangs** - in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start won't have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario. -- **Other issues** - Customization, domain policies, deployment issues. - -## Basic troubleshooting - -When troubleshooting basic Start issues (and for the most part, all other Windows apps), there are a few things to check if they aren't working as expected. For issues where the Start menu or subcomponent isn't working, you can do some quick tests to narrow down where the issue may reside. - -### Check the OS and update version - -- Is the system running the latest Feature and Cumulative Monthly update? -- Did the issue start immediately after an update? Ways to check: - - PowerShell:[System.Environment]::OSVersion.Version - - WinVer from CMD.exe - -### Check if Start is installed - -- If Start fails immediately after a feature update, on thing to check is if the App package failed to install successfully. - -- If Start was working and just fails intermittently, it's likely that Start is installed correctly, but the issue occurs downstream. The way to check for this problem is to look for output from these two PowerShell commands: - - - `get-AppXPackage -Name Microsoft.Windows.ShellExperienceHost` - - `get-AppXPackage -Name Microsoft.Windows.Cortana` - - :::image type="content" alt-text="Example of output from cmdlets." source="images/start-ts-1.png" lightbox="images/start-ts-1.png"::: - - Failure messages will appear if they aren't installed - -- If Start isn't installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there's a choice to save to delete user data), or restoring from backup. No method is supported to install Start Appx files. The results are often problematic and unreliable. - -### Check if Start is running - -If either component is failing to start on boot, reviewing the event logs for errors or crashes during boot may pin point the problem. Booting with MSCONFIG and using a selective or diagnostic startup option will eliminate and/or identify possible interference from additional applications. -- `get-process -name shellexperiencehost` -- `get-process -name searchui` - -If it's installed but not running, test booting into safe mode or use MSCONFIG to eliminate third-party or additional drivers and applications. - -### Check whether the system a clean install or upgrade - -- Is this system an upgrade or clean install? - - Run `test-path "$env:windir\panther\miglog.xml"` - - If that file doesn't exist, the system is a clean install. -- Upgrade issues can be found by running `test-path "$env:windir\panther\miglog.xml"` - -### Check if Start is registered or activated - -- Export the following Event log to CSV and do a keyword search in a text editor or spreadsheet: - - Microsoft-Windows-TWinUI/Operational for Microsoft.Windows.ShellExperienceHost or Microsoft.Windows.Cortana - - "Package wasn't found" - - "Invalid value for registry" - - "Element not found" - - "Package couldn't be registered" - -If these events are found, Start isn't activated correctly. Each event will have more detail in the description and should be investigated further. Event messages can vary. - -### Other things to consider - -When did the problem start? - -- Top issues for Start menu failure are triggered - - After an update - - After installation of an application - - After joining a domain or applying a domain policy -- Many of those issues are found to be - - Permission changes on Registry keys or folders - - Start or related component crashes or hangs - - Customization failure - -To narrow down the problem further, it's good to note: - -- What is the install background? - - Was this a deployment, install from media, other - - Using customizations? - - DISM - - Group Policy or MDM - - copyprofile - - Sysprep - - Other - -- Domain-joined - - Group policy settings that restrict access or permissions to folders or registry keys can cause issues with Start performance. - - Some Group Policies intended for Windows 7 or older have been known to cause issues with Start - - Untested Start Menu customizations can cause unexpected behavior by typically not complete Start failures. - -- Is the environment virtualized? - - VMware - - Citrix - - Other - -## Check Event logs that record Start Issues: - -- System Event log -- Application Event log -- Microsoft/Windows/Shell-Core* -- Microsoft/Windows/Apps/ -- Microsoft-Windows-TWinUI* -- Microsoft/Windows/AppReadiness* -- Microsoft/Windows/AppXDeployment* -- Microsoft-Windows-PushNotification-Platform/Operational -- Microsoft-Windows-CoreApplication/Operational -- Microsoft-Windows-ShellCommon-StartLayoutPopulation* -- Microsoft-Windows-CloudStore* - - -- Check for crashes that may be related to Start (explorer.exe, taskbar, and so on) - - Application log event 1000, 1001 - - Check WER reports - - C:\ProgramData\Microsoft\Windows\WER\ReportArchive\ - - C:\ProgramData\Micrt\Windowsosof\WER\ReportQueue\ - -If there is a component of Start that is consistently crashing, capture a dump that can be reviewed by Microsoft Support. - -## Common errors and mitigation - -The following list provides information about common errors you might run into with Start Menu, as well as steps to help you mitigate them. - -### Symptom: Start Menu doesn't respond on Windows 2012 R2, Windows 10, or Windows 2016 - -**Cause**: Background Tasks Infrastructure Service (BrokerInfrastructure) service isn't started. - -**Resolution**: Ensure that Background Tasks Infrastructure Service is set to automatic startup in Services MMC. - -If Background Tasks Infrastructure Service fails to start, verify that the Power Dependency Coordinator Driver (PDC) driver and registry key aren't disabled or deleted. If either are missing, restore from backup or the installation media. - -To verify the PDC Service, run `C:\>sc query pdc` in a command prompt. The results will be similar to the following: - ->SERVICE_NAME: pdc ->TYPE : 1 KERNEL_DRIVER ->STATE : 4 RUNNING -> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) ->WIN32_EXIT_CODE : 0 (0x0) ->SERVICE_EXIT_CODE : 0 (0x0) ->CHECKPOINT : 0x0 ->WAIT_HINT : 0x0 - -The PDC service uses pdc.sys located in the %WinDir%\system32\drivers. - -The PDC registry key is: -`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdc` -**Description**="@%SystemRoot%\\system32\\drivers\\pdc.sys,-101" -**DisplayName**="@%SystemRoot%\\system32\\drivers\\pdc.sys,-100" -**ErrorControl**=dword:00000003 -**Group**="Boot Bus Extender" -**ImagePath**=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\ - 72,00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,64,00,63,00,2e,00,73,00,79,\ - 00,73,00,00,00 -**Start**=dword:00000000 -**Type**=dword:00000001 - -In addition to the listed dependencies for the service, Background Tasks Infrastructure Service requires the Power Dependency Coordinator Driver to be loaded. If the PDC doesn't load at boot, Background Tasks Infrastructure Service will fail and affect Start Menu. - -Events for both PDC and Background Tasks Infrastructure Service will be recorded in the event logs. PDC shouldn't be disabled or deleted. BrokerInfrastructure is an automatic service. This Service is required for all these operating Systems as running to have a stable Start Menu. - ->[!NOTE] ->You cannot stop this automatic service when machine is running (C:\windows\system32\svchost.exe -k DcomLaunch -p). - - -### Symptom: After upgrading from 1511 to 1607 versions of Windows, the Group Policy "Remove All Programs list from the Start Menu" may not work - -**Cause**: There was a change in the All Apps list between Windows 10, versions 1511 and 1607. These changes mean the original Group Policy and corresponding registry key no longer apply. - -**Resolution**: This issue was resolved in the June 2017 updates. Update Windows 10, version 1607, to the latest cumulative or feature updates. - ->[!NOTE] ->When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**. - - -### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted - -:::image type="content" alt-text="Screenshots that show download icons on app tiles and missing app tiles." source="images/start-ts-2.png" lightbox="images/start-ts-2.png"::: - -**Cause**: This issue is known. The first-time sign-in experience isn't detected and doesn't trigger the install of some apps. - -**Resolution**: This issue has been fixed for Windows 10, version 1709 in [KB 4089848](https://support.microsoft.com/help/4089848) March 22, 2018—KB4089848 (OS Build 16299.334) - -### Symptom: When attempting to customize Start Menu layout, the customizations don't apply or results aren't expected - -**Cause**: There are two main reasons for this issue: - -- Incorrect format: Editing the xml file incorrectly by adding an extra space or spaces, entering a bad character, or saving in the wrong format. - - To tell if the format is incorrect, check for **Event ID: 22** in the "Applications and Services\Microsoft\Windows\ShellCommon-StartLayoutPopulation\Operational" log. - - Event ID 22 is logged when the xml is malformed, meaning the specified file simply isn’t valid xml. - - When editing the xml file, it should be saved in UTF-8 format. - -- Unexpected information: This occurs when possibly trying to add a tile via an unexpected or undocumented method. - - **Event ID: 64** is logged when the xml is valid but has unexpected values. - - For example: The following error occurred while parsing a layout xml file: The attribute 'LayoutCustomizationRestrictiontype' on the element '{http://schemas.microsoft.com/Start/2014/LayoutModification}DefaultLayoutOverride' is not defined in the DTD/Schema. - -XML files can and should be tested locally on a Hyper-V or other virtual machine before deployment or application by Group Policy - -### Symptom: Start menu no longer works after a PC is refreshed using F12 during startup - -**Description**: If a user is having problems with a PC, it can be refreshed, reset, or restored. Refreshing the PC is a beneficial option because it maintains personal files and settings. When users have trouble starting the PC, "Change PC settings" in Settings is not accessible. So, to access the System Refresh, users may use the F12 key at startup. Refreshing the PC finishes, but Start Menu is not accessible. - -**Cause**: This issue is known and was resolved in a cumulative update released August 30, 2018. - -**Resolution**: Install corrective updates; a fix is included in the [September 11, 2018-KB4457142 release](https://support.microsoft.com/help/4457142). - -### Symptom: The All Apps list is missing from Start menu - -**Cause**: “Remove All Programs list from the Start menu" Group Policy is enabled. - -**Resolution**: Disable the “Remove All Programs list from the Start menu" Group Policy. - -### Symptom: Tiles are missing from the Start Menu when using Windows 10, version 1703 or older, Windows Server 2016, and Roaming User Profiles with a Start layout - -**Description**: There are two different Start Menu issues in Windows 10: -- Administrator configured tiles in the start layout fail to roam. -- User-initiated changes to the start layout are not roamed. - -Specifically, behaviors include -- Applications (apps or icons) pinned to the start menu are missing. -- Entire tile window disappears. -- The start button fails to respond. -- If a new roaming user is created, the first sign-in appears normal, but on subsequent sign-ins, tiles are missing. - - -![Example of a working layout.](images/start-ts-3.png) - -*Working layout on first sign-in of a new roaming user profile* - -![Example of a failing layout.](images/start-ts-4.png) - -*Failing layout on subsequent sign-ins* - - -**Cause**: A timing issue exists where the Start Menu is ready before the data is pulled locally from the Roaming User Profile. The issue does not occur on first logons of a new roaming user, as the code path is different and slower. - -**Resolution**: This issue has been resolved in Windows 10, versions 1703 and 1607, cumulative updates [as of March 2017](https://support.microsoft.com/help/4013429). - - -### Symptom: Start Menu layout customizations are lost after upgrading to Windows 10, version 1703 - -**Description**: - -Before the upgrade: - - ![Example of Start screen with customizations applied.](images/start-ts-5.jpg) - -After the upgrade the user pinned tiles are missing: - - ![Example of Start screen with previously pinned tiles missing.](images/start-ts-6.png) - -Additionally, users may see blank tiles if sign-in was attempted without network connectivity. - - ![Example of blank tiles.](images/start-ts-7.png) - - -**Resolution**: This issue was fixed in the [October 2017 update](https://support.microsoft.com/en-us/help/4041676). - -### Symptom: Tiles are missing after upgrade from Windows 10, version 1607 to version 1709 for users with Roaming User Profiles (RUP) enabled and managed Start Menu layout with partial lockdown - -**Resolution** The April 2018 LCU must be applied to Windows 10, version 1709 before a user logs on. - -### Symptom: Start Menu and/or Taskbar layout customizations are not applied if CopyProfile option is used in an answer file during Sysprep - -**Resolution**: CopyProfile is no longer supported when attempting to customize Start Menu or taskbar with a layoutmodification.xml. - -### Symptom: Start Menu issues with Tile Data Layer corruption - -**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](/windows/deployment/planning/windows-10-removed-features).) - -**Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed. - -1. The App or Apps work fine when you select the tiles. -2. The tiles are blank, have a generic placeholder icon, have the wrong or strange title information. -3. The app is missing, but listed as installed via PowerShell and works if you launch via URI. - - Example: `windows-feedback://` -4. In some cases, Start can be blank, and Action Center and Cortana do not launch. - ->[!Note] ->Corruption recovery removes any manual pins from Start. Apps should still be visible, but you’ll need to re-pin any secondary tiles and/or pin app tiles to the main Start view. Aps that you have installed that are completely missing from “all apps” is unexpected, however. That implies the re-registration didn’t work. - -Open a command prompt, and run the following command: - -```console -C:\Windows\System32\tdlrecover.exe -reregister -resetlayout -resetcache -``` - -Although a reboot is not required, it may help clear up any residual issues after the command is run. - -### Symptoms: Start Menu and Apps cannot start after upgrade to Windows 10 version 1809 when Symantec Endpoint Protection is installed - -**Description**: Start menu, Search, and Apps do not start after you upgrade a computer running Windows 7 that has Symantec Endpoint Protection installed to Windows 10 version 1809. - -**Cause**: This problem occurs because of a failure to load sysfer.dll. During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules. - -**Resolution** This issue was fixed by the Windows Cumulative Update that were released on December 5, 2018—KB4469342 (OS Build 17763.168). - -If you have already encountered this issue, use one of the following two options to fix the issue: - -**Option 1** Remove sysfer.dll from system32 folder and copy it back. Windows will set privilege automatically. - -**Option 2** - -1. Locate the directory C:\Windows\system32. - -2. Right-click on sysfer.dll and choose **Properties**. - -3. Switch to the **Security** tab. - -4. Confirm that **All Application Packages** group is missing. - -5. Select **Edit**, and then select **Add** to add the group. - -6. Test Start and other Apps. From b4adb02061141145bd50edecc541096c83a44b60 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Nov 2022 08:43:39 -0500 Subject: [PATCH 078/108] fix reference --- windows/configuration/kiosk-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 8213f557da..350d88e8a6 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -206,7 +206,7 @@ For a more secure kiosk experience, we recommend that you make the following con ## Enable logging -Logs can help you [troubleshoot issues](./kiosk-troubleshoot.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default. +Logs can help you [troubleshoot issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default. :::image type="content" source="images/enable-assigned-access-log.png" alt-text="On Windows client, open Event Viewer, right-click Operational, select enable log to turn on logging to help troubleshoot."::: From f05acc8d16f3fea39ff3a1f3edba7ffb7c699dd9 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 10 Nov 2022 10:28:10 -0500 Subject: [PATCH 079/108] Metadata updates --- education/windows/autopilot-reset.md | 7 ++++--- education/windows/change-home-to-edu.md | 3 +-- education/windows/change-to-pro-education.md | 7 ++++--- education/windows/chromebook-migration-guide.md | 2 +- education/windows/configure-windows-for-education.md | 2 +- .../windows/deploy-windows-10-in-a-school-district.md | 2 +- education/windows/deploy-windows-10-in-a-school.md | 2 +- education/windows/deploy-windows-10-overview.md | 2 +- education/windows/edu-deployment-recommendations.md | 2 +- education/windows/edu-stickers.md | 7 ++++--- education/windows/edu-take-a-test-kiosk-mode.md | 4 +--- education/windows/edu-themes.md | 3 +-- .../windows/education-scenarios-store-for-business.md | 4 +--- education/windows/enable-s-mode-on-surface-go-devices.md | 2 +- education/windows/federated-sign-in.md | 4 ++-- education/windows/get-minecraft-for-education.md | 9 ++++----- education/windows/s-mode-switch-to-edu.md | 2 +- education/windows/school-get-minecraft.md | 7 ++++--- education/windows/set-up-school-pcs-azure-ad-join.md | 2 +- .../windows/set-up-school-pcs-provisioning-package.md | 2 +- education/windows/set-up-school-pcs-technical.md | 2 +- education/windows/set-up-school-pcs-whats-new.md | 3 +-- education/windows/set-up-students-pcs-to-join-domain.md | 2 +- education/windows/set-up-students-pcs-with-apps.md | 2 +- education/windows/set-up-windows-10.md | 2 +- education/windows/take-a-test-app-technical.md | 4 +--- education/windows/take-tests-in-windows.md | 4 +--- education/windows/teacher-get-minecraft.md | 9 ++++----- education/windows/test-windows10s-for-edu.md | 7 ++++--- .../tutorial-school-deployment/configure-device-apps.md | 4 +--- .../configure-device-settings.md | 4 +--- .../configure-devices-overview.md | 4 +--- .../windows/tutorial-school-deployment/enroll-aadj.md | 4 +--- .../tutorial-school-deployment/enroll-autopilot.md | 4 +--- .../tutorial-school-deployment/enroll-overview.md | 4 +--- .../windows/tutorial-school-deployment/enroll-package.md | 4 +--- .../tutorial-school-deployment/manage-overview.md | 6 ++---- .../tutorial-school-deployment/manage-surface-devices.md | 4 ++-- .../windows/tutorial-school-deployment/reset-wipe.md | 4 +--- .../tutorial-school-deployment/troubleshoot-overview.md | 4 +--- education/windows/use-set-up-school-pcs-app.md | 2 +- education/windows/windows-11-se-overview.md | 7 ++++--- education/windows/windows-11-se-settings-list.md | 2 +- .../windows/windows-editions-for-education-customers.md | 2 +- 44 files changed, 71 insertions(+), 98 deletions(-) diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index b261f4a4e9..ef0d5e186c 100644 --- a/education/windows/autopilot-reset.md +++ b/education/windows/autopilot-reset.md @@ -3,10 +3,11 @@ title: Reset devices with Autopilot Reset description: Learn about Autopilot Reset and how to enable and use it. ms.date: 08/10/2022 ms.topic: how-to -appliesto: - - ✅ Windows 10 -ms.collection: +appliesto: + - ✅ Windows 10" +ms.collection: - highpri + - education --- # Reset devices with Autopilot Reset diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md index d6aa215ab3..1826ecd768 100644 --- a/education/windows/change-home-to-edu.md +++ b/education/windows/change-home-to-edu.md @@ -8,8 +8,7 @@ ms.author: scbree ms.reviewer: paoloma manager: jeffbu appliesto: -- ✅ Windows 10 -- ✅ Windows 11 + - ✅ Windows 10 and later --- # Upgrade Windows Home to Windows Education on student-owned devices diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index 5deee8e80f..76f00168ee 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -3,10 +3,11 @@ title: Change to Windows 10 Education from Windows 10 Pro description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro. ms.topic: how-to ms.date: 08/10/2022 -appliesto: - - ✅ Windows 10 -ms.collection: +appliesto: + - ✅ Windows 10" +ms.collection: - highpri + - education --- # Change to Windows 10 Pro Education from Windows 10 Pro diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 0c08e17617..05c7db8963 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -4,7 +4,7 @@ description: Learn how to migrate a Google Chromebook-based learning environment ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Chromebook migration guide diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index 6ef47f7153..587d279c84 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -4,7 +4,7 @@ description: Learn how to configure the OS diagnostic data, consumer experiences ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Windows 10 configuration recommendations for education customers diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index 6d13cc8c9d..4935d37ed7 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -4,7 +4,7 @@ description: Learn how to deploy Windows 10 in a school district. Integrate the ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Deploy Windows 10 in a school district diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index cb598bc6fd..1655458c44 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -4,7 +4,7 @@ description: Learn how to integrate your school environment with Microsoft Offic ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Deploy Windows 10 in a school diff --git a/education/windows/deploy-windows-10-overview.md b/education/windows/deploy-windows-10-overview.md index 8b772d160c..96d9d002e0 100644 --- a/education/windows/deploy-windows-10-overview.md +++ b/education/windows/deploy-windows-10-overview.md @@ -4,7 +4,7 @@ description: Learn how to use Windows 10 in schools. ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Windows 10 for Education diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md index 983f31ed85..17302ec0a3 100644 --- a/education/windows/edu-deployment-recommendations.md +++ b/education/windows/edu-deployment-recommendations.md @@ -4,7 +4,7 @@ description: Provides guidance on ways to customize the OS privacy settings, and ms.topic: guide ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Deployment recommendations for school IT administrators diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md index 0c40174ed0..2595b618f0 100644 --- a/education/windows/edu-stickers.md +++ b/education/windows/edu-stickers.md @@ -3,10 +3,11 @@ title: Configure Stickers for Windows 11 SE description: Learn about the Stickers feature and how to configure it via Intune and provisioning package. ms.date: 09/15/2022 ms.topic: how-to -appliesto: - - ✅ Windows 11 SE, version 22H2 -ms.collection: +appliesto: + - ✅ Windows 11 SE" +ms.collection: - highpri + - education --- # Configure Stickers for Windows 11 SE diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md index a3d8944c42..85ce5efe26 100644 --- a/education/windows/edu-take-a-test-kiosk-mode.md +++ b/education/windows/edu-take-a-test-kiosk-mode.md @@ -4,9 +4,7 @@ description: Learn how to configure Windows to execute the Take a Test app in ki ms.date: 09/30/2022 ms.topic: how-to appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Configure Take a Test in kiosk mode diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md index a477121ca5..1d00d1e8a9 100644 --- a/education/windows/edu-themes.md +++ b/education/windows/edu-themes.md @@ -4,8 +4,7 @@ description: Learn about education themes for Windows 11 and how to configure th ms.date: 09/15/2022 ms.topic: how-to appliesto: -- ✅ Windows 11, version 22H2 -- ✅ Windows 11 SE, version 22H2 + - ✅ Windows 11 --- # Configure education themes for Windows 11 diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md index cf50d7cf3e..1a86e4e1c4 100644 --- a/education/windows/education-scenarios-store-for-business.md +++ b/education/windows/education-scenarios-store-for-business.md @@ -4,9 +4,7 @@ description: Learn how IT admins and teachers can use Microsoft Store for Educat ms.topic: article ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Working with Microsoft Store for Education diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md index 39f39952b6..6fa45fd3e7 100644 --- a/education/windows/enable-s-mode-on-surface-go-devices.md +++ b/education/windows/enable-s-mode-on-surface-go-devices.md @@ -4,7 +4,7 @@ description: Learn how to enable S mode on Surface Go devices. ms.date: 08/10/2022 ms.topic: how-to appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Surface Go for Education - Enabling S mode diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md index 0f769a31e1..8159e325ab 100644 --- a/education/windows/federated-sign-in.md +++ b/education/windows/federated-sign-in.md @@ -8,11 +8,11 @@ ms.topic: how-to ms.localizationpriority: medium author: paolomatarazzo ms.author: paoloma -ms.reviewer: +ms.reviewer: manager: aaroncz ms.collection: education appliesto: -- ✅ Windows 11 SE, version 22H2 + - ✅ Windows 11 SE --- diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 3bd2273634..7130259b1a 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -3,12 +3,11 @@ title: Get Minecraft Education Edition description: Learn how to get and distribute Minecraft Education Edition. ms.topic: how-to ms.date: 08/10/2022 -appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows 11 SE -ms.collection: +appliesto: + - ✅ Windows 10 and later" +ms.collection: - highpri + - education --- # Get Minecraft: Education Edition diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md index 612de4cf4c..fafc2716c8 100644 --- a/education/windows/s-mode-switch-to-edu.md +++ b/education/windows/s-mode-switch-to-edu.md @@ -4,7 +4,7 @@ description: Learn how to switch out of Windows 10 Pro in S mode to Windows 10 P ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md index 9ff9ce8dcd..8e26d1acea 100644 --- a/education/windows/school-get-minecraft.md +++ b/education/windows/school-get-minecraft.md @@ -3,10 +3,11 @@ title: For IT administrators get Minecraft Education Edition description: Learn how IT admins can get and distribute Minecraft in their schools. ms.topic: how-to ms.date: 08/10/2022 -appliesto: - - ✅ Windows 10 -ms.collection: +appliesto: + - ✅ Windows 10" +ms.collection: - highpri + - education --- # For IT administrators - get Minecraft: Education Edition diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md index 6eba776f7d..8ba0185e3d 100644 --- a/education/windows/set-up-school-pcs-azure-ad-join.md +++ b/education/windows/set-up-school-pcs-azure-ad-join.md @@ -4,7 +4,7 @@ description: Learn how Azure AD Join is configured in the Set up School PCs app. ms.topic: article ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Azure AD Join for school PCs diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md index ffee7c5880..58b9ae8063 100644 --- a/education/windows/set-up-school-pcs-provisioning-package.md +++ b/education/windows/set-up-school-pcs-provisioning-package.md @@ -4,7 +4,7 @@ description: List of the provisioning package settings that are configured in th ms.date: 08/10/2022 ms.topic: reference appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # What's in my provisioning package? diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 9f2ecc9d8e..28907160cb 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -4,7 +4,7 @@ description: Describes the purpose of the Set up School PCs app for Windows 10 d ms.topic: conceptual ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # What is Set up School PCs? diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md index c36b901f8f..2b46d073f5 100644 --- a/education/windows/set-up-school-pcs-whats-new.md +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -4,8 +4,7 @@ description: Find out about app updates and new features in Set up School PCs. ms.topic: whats-new ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 -- ✅ Windows 11 + - ✅ Windows 10 and later --- # What's new in Set up School PCs diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md index 16f670b6fa..91f2ad28d1 100644 --- a/education/windows/set-up-students-pcs-to-join-domain.md +++ b/education/windows/set-up-students-pcs-to-join-domain.md @@ -4,7 +4,7 @@ description: Learn how to use Windows Configuration Designer to provision studen ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Set up student PCs to join domain diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md index 679bb7206f..cf16da56b2 100644 --- a/education/windows/set-up-students-pcs-with-apps.md +++ b/education/windows/set-up-students-pcs-with-apps.md @@ -4,7 +4,7 @@ description: Learn how to use Windows Configuration Designer to easily provision ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Provision student PCs with apps diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md index c137703898..61f6b28d77 100644 --- a/education/windows/set-up-windows-10.md +++ b/education/windows/set-up-windows-10.md @@ -4,7 +4,7 @@ description: Decide which option for setting up Windows 10 is right for you. ms.topic: article ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Set up Windows devices for education diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index 9b5498d558..daab02821c 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -4,9 +4,7 @@ description: List of policies and settings applied by the Take a Test app. ms.date: 09/30/2022 ms.topic: reference appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Take a Test app technical reference diff --git a/education/windows/take-tests-in-windows.md b/education/windows/take-tests-in-windows.md index 68472404be..1eea480188 100644 --- a/education/windows/take-tests-in-windows.md +++ b/education/windows/take-tests-in-windows.md @@ -4,9 +4,7 @@ description: Learn about the built-in Take a Test app for Windows and how to use ms.date: 09/30/2022 ms.topic: conceptual appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Take tests and assessments in Windows diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md index ee529257c0..685a738970 100644 --- a/education/windows/teacher-get-minecraft.md +++ b/education/windows/teacher-get-minecraft.md @@ -3,12 +3,11 @@ title: For teachers get Minecraft Education Edition description: Learn how teachers can obtain and distribute Minecraft. ms.topic: how-to ms.date: 08/10/2022 -appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows 11 SE -ms.collection: +appliesto: + - ✅ Windows 10 and later" +ms.collection: - highpri + - education --- # For teachers - get Minecraft: Education Edition diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index acc6aeb868..a1a41bcf5e 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -3,10 +3,11 @@ title: Test Windows 10 in S mode on existing Windows 10 education devices description: Provides guidance on downloading and testing Windows 10 in S mode for existing Windows 10 education devices. ms.topic: guide ms.date: 08/10/2022 -appliesto: - - ✅ Windows 10 -ms.collection: +appliesto: + - ✅ Windows 10" +ms.collection: - highpri + - education --- # Test Windows 10 in S mode on existing Windows 10 education devices diff --git a/education/windows/tutorial-school-deployment/configure-device-apps.md b/education/windows/tutorial-school-deployment/configure-device-apps.md index 694a87c643..89eb913446 100644 --- a/education/windows/tutorial-school-deployment/configure-device-apps.md +++ b/education/windows/tutorial-school-deployment/configure-device-apps.md @@ -4,9 +4,7 @@ description: Learn how to configure applications with Microsoft Intune in prepar ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Configure applications with Microsoft Intune diff --git a/education/windows/tutorial-school-deployment/configure-device-settings.md b/education/windows/tutorial-school-deployment/configure-device-settings.md index d2f56961ab..f70081a995 100644 --- a/education/windows/tutorial-school-deployment/configure-device-settings.md +++ b/education/windows/tutorial-school-deployment/configure-device-settings.md @@ -4,9 +4,7 @@ description: Learn how to configure policies with Microsoft Intune in preparatio ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Configure and secure devices with Microsoft Intune diff --git a/education/windows/tutorial-school-deployment/configure-devices-overview.md b/education/windows/tutorial-school-deployment/configure-devices-overview.md index 32b237ce5a..60bc205647 100644 --- a/education/windows/tutorial-school-deployment/configure-devices-overview.md +++ b/education/windows/tutorial-school-deployment/configure-devices-overview.md @@ -4,9 +4,7 @@ description: Learn how to configure policies and applications in preparation for ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Configure settings and applications with Microsoft Intune diff --git a/education/windows/tutorial-school-deployment/enroll-aadj.md b/education/windows/tutorial-school-deployment/enroll-aadj.md index 829124e264..ddcb5d2bb8 100644 --- a/education/windows/tutorial-school-deployment/enroll-aadj.md +++ b/education/windows/tutorial-school-deployment/enroll-aadj.md @@ -4,9 +4,7 @@ description: Learn how to join devices to Azure AD from OOBE and automatically g ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Automatic Intune enrollment via Azure AD join diff --git a/education/windows/tutorial-school-deployment/enroll-autopilot.md b/education/windows/tutorial-school-deployment/enroll-autopilot.md index 85c838b402..01394b420a 100644 --- a/education/windows/tutorial-school-deployment/enroll-autopilot.md +++ b/education/windows/tutorial-school-deployment/enroll-autopilot.md @@ -4,9 +4,7 @@ description: Learn how to join Azure AD and enroll in Intune using Windows Autop ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Windows Autopilot diff --git a/education/windows/tutorial-school-deployment/enroll-overview.md b/education/windows/tutorial-school-deployment/enroll-overview.md index 52fb94bc7a..d816ed1b94 100644 --- a/education/windows/tutorial-school-deployment/enroll-overview.md +++ b/education/windows/tutorial-school-deployment/enroll-overview.md @@ -4,9 +4,7 @@ description: Learn about the different options to enroll Windows devices in Micr ms.date: 08/31/2022 ms.topic: overview appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Device enrollment overview diff --git a/education/windows/tutorial-school-deployment/enroll-package.md b/education/windows/tutorial-school-deployment/enroll-package.md index 2021ec3ff0..9f96234636 100644 --- a/education/windows/tutorial-school-deployment/enroll-package.md +++ b/education/windows/tutorial-school-deployment/enroll-package.md @@ -4,9 +4,7 @@ description: Learn about how to enroll Windows devices with provisioning package ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Enrollment with provisioning packages diff --git a/education/windows/tutorial-school-deployment/manage-overview.md b/education/windows/tutorial-school-deployment/manage-overview.md index db77a8606f..00559d4384 100644 --- a/education/windows/tutorial-school-deployment/manage-overview.md +++ b/education/windows/tutorial-school-deployment/manage-overview.md @@ -1,12 +1,10 @@ --- title: Manage devices with Microsoft Intune -description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting. +description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting. ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Manage devices with Microsoft Intune diff --git a/education/windows/tutorial-school-deployment/manage-surface-devices.md b/education/windows/tutorial-school-deployment/manage-surface-devices.md index 7b888d8adb..42dfe281d0 100644 --- a/education/windows/tutorial-school-deployment/manage-surface-devices.md +++ b/education/windows/tutorial-school-deployment/manage-surface-devices.md @@ -3,8 +3,8 @@ title: Management functionalities for Surface devices description: Learn about the management capabilities offered to Surface devices, including firmware management and the Surface Management Portal. ms.date: 08/31/2022 ms.topic: tutorial -appliesto: -- ✅ Surface devices +appliesto: + - [✅ Surface devices] --- # Management functionalities for Surface devices diff --git a/education/windows/tutorial-school-deployment/reset-wipe.md b/education/windows/tutorial-school-deployment/reset-wipe.md index 7a404f7ecf..b9a1f80094 100644 --- a/education/windows/tutorial-school-deployment/reset-wipe.md +++ b/education/windows/tutorial-school-deployment/reset-wipe.md @@ -4,9 +4,7 @@ description: Learn about the reset and wipe options for Windows devices using In ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Device reset options diff --git a/education/windows/tutorial-school-deployment/troubleshoot-overview.md b/education/windows/tutorial-school-deployment/troubleshoot-overview.md index 1bf462b5f7..dd9817a5b9 100644 --- a/education/windows/tutorial-school-deployment/troubleshoot-overview.md +++ b/education/windows/tutorial-school-deployment/troubleshoot-overview.md @@ -4,9 +4,7 @@ description: Learn how to troubleshoot Windows devices from Intune and contact M ms.date: 08/31/2022 ms.topic: tutorial appliesto: -- ✅ Windows 10 -- ✅ Windows 11 -- ✅ Windows 11 SE + - ✅ Windows 10 and later --- # Troubleshoot Windows devices diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index c54a5ce446..05dbf61f4b 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -4,7 +4,7 @@ description: Learn how to use the Set up School PCs app and apply the provisioni ms.topic: how-to ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Use the Set up School PCs app diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 532654b733..2795af6de3 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -3,10 +3,11 @@ title: Windows 11 SE Overview description: Learn about Windows 11 SE, and the apps that are included with the operating system. ms.topic: article ms.date: 09/12/2022 -appliesto: - - ✅ Windows 11 SE -ms.collection: +appliesto: + - ✅ Windows 11 SE" +ms.collection: - highpri + - education --- # Windows 11 SE Overview diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 7cd1a683ce..774fca45dd 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -4,7 +4,7 @@ description: Windows 11 SE automatically configures settings in the operating sy ms.topic: article ms.date: 09/12/2022 appliesto: -- ✅ Windows 11 SE + - ✅ Windows 11 SE --- # Windows 11 SE for Education settings list diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index 90b399237d..f933dc3465 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md @@ -4,7 +4,7 @@ description: Learn about the two Windows 10 editions that are designed for the n ms.topic: article ms.date: 08/10/2022 appliesto: -- ✅ Windows 10 + - ✅ Windows 10 --- # Windows 10 editions for education customers From ad3dd22648591dd60d75abbf47ea59169ebbfc7c Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 10 Nov 2022 10:44:05 -0500 Subject: [PATCH 080/108] updates --- education/windows/autopilot-reset.md | 2 +- education/windows/change-to-pro-education.md | 2 +- education/windows/edu-stickers.md | 2 +- education/windows/get-minecraft-for-education.md | 2 +- education/windows/school-get-minecraft.md | 2 +- education/windows/teacher-get-minecraft.md | 2 +- education/windows/test-windows10s-for-edu.md | 2 +- education/windows/tutorial-school-deployment/index.md | 2 ++ .../tutorial-school-deployment/manage-surface-devices.md | 2 +- education/windows/windows-11-se-overview.md | 2 +- 10 files changed, 11 insertions(+), 9 deletions(-) diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index ef0d5e186c..0901d32b40 100644 --- a/education/windows/autopilot-reset.md +++ b/education/windows/autopilot-reset.md @@ -4,7 +4,7 @@ description: Learn about Autopilot Reset and how to enable and use it. ms.date: 08/10/2022 ms.topic: how-to appliesto: - - ✅ Windows 10" + - ✅ Windows 10 ms.collection: - highpri - education diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index 76f00168ee..f377a4582c 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -4,7 +4,7 @@ description: Learn how IT Pros can opt into changing to Windows 10 Pro Education ms.topic: how-to ms.date: 08/10/2022 appliesto: - - ✅ Windows 10" + - ✅ Windows 10 ms.collection: - highpri - education diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md index 2595b618f0..e7bf34ce22 100644 --- a/education/windows/edu-stickers.md +++ b/education/windows/edu-stickers.md @@ -4,7 +4,7 @@ description: Learn about the Stickers feature and how to configure it via Intune ms.date: 09/15/2022 ms.topic: how-to appliesto: - - ✅ Windows 11 SE" + - ✅ Windows 11 SE ms.collection: - highpri - education diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 7130259b1a..903d8182e3 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -4,7 +4,7 @@ description: Learn how to get and distribute Minecraft Education Edition. ms.topic: how-to ms.date: 08/10/2022 appliesto: - - ✅ Windows 10 and later" + - ✅ Windows 10 and later ms.collection: - highpri - education diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md index 8e26d1acea..fca31b0f6b 100644 --- a/education/windows/school-get-minecraft.md +++ b/education/windows/school-get-minecraft.md @@ -4,7 +4,7 @@ description: Learn how IT admins can get and distribute Minecraft in their schoo ms.topic: how-to ms.date: 08/10/2022 appliesto: - - ✅ Windows 10" + - ✅ Windows 10 ms.collection: - highpri - education diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md index 685a738970..df19ac8729 100644 --- a/education/windows/teacher-get-minecraft.md +++ b/education/windows/teacher-get-minecraft.md @@ -4,7 +4,7 @@ description: Learn how teachers can obtain and distribute Minecraft. ms.topic: how-to ms.date: 08/10/2022 appliesto: - - ✅ Windows 10 and later" + - ✅ Windows 10 and later ms.collection: - highpri - education diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index a1a41bcf5e..09f9301130 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -4,7 +4,7 @@ description: Provides guidance on downloading and testing Windows 10 in S mode f ms.topic: guide ms.date: 08/10/2022 appliesto: - - ✅ Windows 10" + - ✅ Windows 10 ms.collection: - highpri - education diff --git a/education/windows/tutorial-school-deployment/index.md b/education/windows/tutorial-school-deployment/index.md index 14f76929f4..98574366e1 100644 --- a/education/windows/tutorial-school-deployment/index.md +++ b/education/windows/tutorial-school-deployment/index.md @@ -3,6 +3,8 @@ title: Introduction to the tutorial deploy and manage Windows devices in a schoo description: Introduction to deployment and management of Windows devices in education environments. ms.date: 08/31/2022 ms.topic: conceptual +appliesto: + - ✅ Windows 10 and later --- # Tutorial: deploy and manage Windows devices in a school diff --git a/education/windows/tutorial-school-deployment/manage-surface-devices.md b/education/windows/tutorial-school-deployment/manage-surface-devices.md index 42dfe281d0..e374fd8f7d 100644 --- a/education/windows/tutorial-school-deployment/manage-surface-devices.md +++ b/education/windows/tutorial-school-deployment/manage-surface-devices.md @@ -4,7 +4,7 @@ description: Learn about the management capabilities offered to Surface devices, ms.date: 08/31/2022 ms.topic: tutorial appliesto: - - [✅ Surface devices] + - ✅ Surface devices --- # Management functionalities for Surface devices diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 2795af6de3..4a7f0897d8 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -4,7 +4,7 @@ description: Learn about Windows 11 SE, and the apps that are included with the ms.topic: article ms.date: 09/12/2022 appliesto: - - ✅ Windows 11 SE" + - ✅ Windows 11 SE ms.collection: - highpri - education From 8eb589f2afb580e9ebffd4e8ea9ca7497a16c654 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Nov 2022 11:53:07 -0500 Subject: [PATCH 081/108] fix link --- .openpublishing.redirection.json | 12 +++++++++++- windows/configuration/kiosk-additional-reference.md | 3 +-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ad456cabb0..c1588e64bc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -20154,6 +20154,16 @@ "source_path": "windows/deployment/update/update-compliance-v2-workbook.md", "redirect_url": "/windows/deployment/update/wufb-reports-workbook", "redirect_document_id": false - } + }, + { + "source_path": "windows/configuration/kiosk-troubleshoot.md", + "redirect_url": "/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting", + "redirect_document_id": false + }, + { + "source_path": "windows/configuration/start-layout-troubleshoot.md", + "redirect_url": "/troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors", + "redirect_document_id": false + } ] } \ No newline at end of file diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 64e71445c8..fd0756d5ca 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -32,5 +32,4 @@ Topic | Description [Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. -[Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting.md) | Tips for troubleshooting multi-app kiosk configuration. - +[Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. \ No newline at end of file From 2a1bc7b64313506e72f41d247bc75aed7a17b16a Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Nov 2022 12:38:53 -0500 Subject: [PATCH 082/108] fix md and deprecation page --- windows/configuration/TOC.yml | 2 +- windows/configuration/kiosk-prepare.md | 2 +- windows/deployment/planning/windows-10-deprecated-features.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml index a8f693f75a..979f7648a6 100644 --- a/windows/configuration/TOC.yml +++ b/windows/configuration/TOC.yml @@ -37,7 +37,7 @@ - name: Use mobile device management (MDM) href: customize-windows-10-start-screens-by-using-mobile-device-management.md - name: Troubleshoot Start menu errors - href: /troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors.md + href: /troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors - name: Changes to Start policies in Windows 10 href: changes-to-start-policies-in-windows-10.md - name: Accessibility settings diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 350d88e8a6..5ac71f90ec 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -206,7 +206,7 @@ For a more secure kiosk experience, we recommend that you make the following con ## Enable logging -Logs can help you [troubleshoot issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default. +Logs can help you [troubleshoot issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default. :::image type="content" source="images/enable-assigned-access-log.png" alt-text="On Windows client, open Event Viewer, right-click Operational, select enable log to turn on logging to help troubleshoot."::: diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index e2d52b176a..c57fba110d 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -75,7 +75,7 @@ The features in this article are no longer being actively developed, and might b |Windows Hello for Business deployment that uses Microsoft Configuration Manager |Windows Server 2016 Active Directory Federation Services - Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 | |Windows PowerShell 2.0 | Applications and components should be migrated to PowerShell 5.0+. | 1709 | |Apndatabase.xml | Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This replacement includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | 1703 | -|Tile Data Layer | The [Tile Data Layer](/windows/configuration/start-layout-troubleshoot#symptom-start-menu-issues-with-tile-data-layer-corruption) database stopped development in Windows 10, version 1703. | 1703 | +|Tile Data Layer | The [Tile Data Layer](/troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors#symptom-start-menu-issues-with-tile-data-layer-corruption) database stopped development in Windows 10, version 1703. | 1703 | |TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 | |TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 | |IPsec Task Offload| [IPsec Task Offload](/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and shouldn't be used. | 1703 | From f4948d3be74f582c1868453c8bffe9f60d68077b Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 10 Nov 2022 15:38:47 -0500 Subject: [PATCH 083/108] updates --- education/windows/federated-sign-in.md | 5 +++-- .../includes/intune-custom-settings-1.md | 18 ++++++++++++++++++ .../includes/intune-custom-settings-2.md | 11 +++++++++++ .../intune-custom-settings-alternative.md | 8 ++++++++ .../includes/intune-custom-settings-info.md | 8 ++++++++ .../includes/intune-settings-catalog-1.md | 18 ++++++++++++++++++ .../includes/intune-settings-catalog-2.md | 11 +++++++++++ .../includes/intune-settings-catalog-info.md | 8 ++++++++ .../hello-for-business/hello-how-it-works.md | 7 +++---- .../hello-hybrid-cloud-kerberos-trust.md | 11 ++++++++--- 10 files changed, 96 insertions(+), 9 deletions(-) create mode 100644 education/windows/includes/intune-custom-settings-1.md create mode 100644 education/windows/includes/intune-custom-settings-2.md create mode 100644 education/windows/includes/intune-custom-settings-alternative.md create mode 100644 education/windows/includes/intune-custom-settings-info.md create mode 100644 education/windows/includes/intune-settings-catalog-1.md create mode 100644 education/windows/includes/intune-settings-catalog-2.md create mode 100644 education/windows/includes/intune-settings-catalog-info.md diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md index 8159e325ab..94f34b5942 100644 --- a/education/windows/federated-sign-in.md +++ b/education/windows/federated-sign-in.md @@ -57,7 +57,7 @@ To configure federated sign-in using Microsoft Intune, [create a custom profile] To sign-in with a SAML 2.0 identity provider, your devices must be configured with different policies, which can be configured using Microsoft Intune. -To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings: +[!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)] | Setting | |--------| @@ -68,7 +68,8 @@ To configure federated sign-in using Microsoft Intune, [create a custom profile] :::image type="content" source="images/federated-sign-in-settings-intune.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-intune.png" border="true"::: -Assign the policy to a security group that contains as members the devices that require federated sign-in. +[!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)] +[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)] - - - -## Week of July 18, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 7/22/2022 | Deploy and manage a full cloud IT solution for your business | removed | -| 7/22/2022 | Windows 10/11 for small to midsize businesses | removed | From 1330bf6eb9a353916a240327e607c485da8b7137 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 11 Nov 2022 13:26:24 -0800 Subject: [PATCH 095/108] Update configure-wdac-managed-installer.md --- .../configure-wdac-managed-installer.md | 81 +++++++++++-------- 1 file changed, 46 insertions(+), 35 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md index 9eb2d45bf5..c18d896678 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md @@ -11,10 +11,10 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz -ms.date: 08/14/2020 +ms.date: 11/11/2022 ms.technology: itpro-security --- @@ -29,21 +29,25 @@ ms.technology: itpro-security >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). -## Using fsutil to query SmartLocker EA +## Enabling managed installer and Intelligent Security Graph (ISG) logging events -Customers using Windows Defender Application Control (WDAC) with Managed Installer (MI) or Intelligent Security Graph (ISG) enabled can use fsutil to determine whether a file was allowed to run by one of these features. This verification can be done by querying the Extended Attributes (EAs) on a file using fsutil and looking for the KERNEL.SMARTLOCKER.ORIGINCLAIM EA. The presence of this EA indicates that either MI or ISG allowed the file to run. This EA's presence can be used in conjunction with enabling the MI and ISG logging events. +Refer to [Understanding Application Control Events](event-id-explanations.md#diagnostic-events-for-intelligent-security-graph-isg-and-managed-installer-mi) for information on enabling optional managed installer diagnostic events. + +## Using fsutil to query extended attributes for Managed Installer (MI) + +Customers using Windows Defender Application Control (WDAC) with Managed Installer (MI) enabled can use fsutil.exe to determine whether a file was created by a managed installer process. This verification is done by querying the Extended Attributes (EAs) on a file using fsutil.exe and looking for the KERNEL.SMARTLOCKER.ORIGINCLAIM EA. Then, you can use the data from the first row of output to identify if the file was created by a managed installer. For example, let's look at the fsutil.exe output for a file called application.exe: **Example:** ```powershell -fsutil file queryEA C:\Users\Temp\Downloads\application.exe +fsutil.exe file queryEA C:\Users\Temp\Downloads\application.exe Extended Attributes (EA) information for file C:\Users\Temp\Downloads\application.exe: Ea Buffer Offset: 410 Ea Name: $KERNEL.SMARTLOCKER.ORIGINCLAIM Ea Value Length: 7e -0000: 01 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 ................ +0000: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ 0010: b2 ff 10 66 bc a8 47 c7 00 d9 56 9d 3d d4 20 2a ...f..G...V.=. * 0020: 63 a3 80 e2 d8 33 8e 77 e9 5c 8d b0 d5 a7 a3 11 c....3.w.\...... 0030: 83 00 00 00 00 00 00 00 5c 00 00 00 43 00 3a 00 ........\...C.:. @@ -53,40 +57,47 @@ Ea Value Length: 7e 0070: 44 00 6f 00 77 00 6e 00 6c 00 6f 00 61 00 64 i.c.a.t.i.o.n..e.x.e ``` -## Enabling managed installer logging events +From the output shown above, find the first row of data labeled "0000:", which is then followed by 16 two-character sets. Every four sets form a group known as a ULONG. The two-character set at the front of the first ULONG will always be "01" as shown here: -Refer to [Understanding Application Control Events](event-id-explanations.md#diagnostic-events-for-intelligent-security-graph-isg-and-managed-installer-mi) for information on enabling optional managed installer diagnostic events. +0000: **`01` 00 00 00** 00 00 00 00 00 00 00 00 01 00 00 00 -## Deploying the Managed Installer rule collection +If there is "00" in the fifth position of the output (the start of the second ULONG), that indicates the EA is related to managed installer: -Once you've completed configuring your chosen Managed Installer, by specifying which option to use in the AppLocker policy, enabling the service enforcement of it, and by enabling the Managed Installer option in a WDAC policy, you'll need to deploy it. +0000: 01 00 00 00 **`00` 00 00 00** 00 00 00 00 01 00 00 00 -1. Use the following command to deploy the policy. +Finally, the two-character set in the ninth position of the output (the start of the third ULONG) indicates whether the file was created by a process running as managed installer. A value of "00" means the file was directly written by a managed installer process and will run if your WDAC policy trusts managed installers. + +0000: 01 00 00 00 00 00 00 00 **`00` 00 00 00** 01 00 00 00 + +If instead the starting value for the third ULONG is "02", then that indicates a "child of child". "Child of child" is set on any files created by something that was installed by a managed installer. But, the file was created **after** the managed installer completed its work. So this file **wouldn't** be allowed to run unless there's some other rule in your policy to allow it. + +In rarer cases, you may see other values in this position, but that will also run if your policy trusts managed installer. + +## Using fsutil to query extended attributes for Intelligent Security Graph (ISG) + +When an installer runs that has good reputation according to the ISG, the files that the installer writes to disk will inherit the reputation from the installer. These files with ISG inherited trust will also have the KERNEL.SMARTLOCKER.ORIGINCLAIM EA set as described above for managed installers. You can identify that the EA was created by the ISG by looking for the value "01" in the fifth position of the output (the start of the second ULONG) from fsutil: + +0000: 01 00 00 00 **`01` 00 00 00** 00 00 00 00 01 00 00 00 + +## More troubleshooting steps for Managed Installer and ISG + +Both managed installer and the ISG depend on AppLocker to provide some functionality. Use the following steps to confirm that AppLocker is configured and running correctly. + +1. Check that AppLocker services are running. From an elevated PowerShell window, run the following and confirm the STATE shows as RUNNING for both appidsvc and AppLockerFltr: + + ```powershell + sc.exe query appidsvc + sc.exe query AppLockerFltr + ``` + + If not, run *appidtel start* from the elevated PowerShell window and check again. + +2. For managed installer, check for AppCache.dat and other *.AppLocker files created under %windir%\System32\AppLocker. There should minimally be a ".AppLocker" file created for each of EXE, DLL, and MANAGEDINSTALLER rule collections. If you don't see these files created, proceed to the next step to confirm the AppLocker policy has been correctly applied. + +3. For managed installer troubleshooting, check that the AppLocker effective policy is correct. From an elevated PowerShell window: ```powershell - $policyFile= - @" - Raw_AppLocker_Policy_XML - "@ - Set-AppLockerPolicy -XmlPolicy $policyFile -Merge -ErrorAction SilentlyContinue + Get-AppLockerPolicy -Effective -XML > $env:USERPROFILE\Desktop\AppLocker.xml ``` -2. Verify Deployment of the ruleset was successful - - ```powershell - Get-AppLockerPolicy -Local - - Version RuleCollections RuleCollectionTypes - ------- --------------- ------------------- - 1 {0, 0, 0, 0...} {Appx, Dll, Exe, ManagedInstaller...} - ``` - - Verify the output shows the ManagedInstaller rule set. - -3. Get the policy XML (optional) using PowerShell: - - ```powershell - Get-AppLockerPolicy -Effective -Xml -ErrorVariable ev -ErrorAction SilentlyContinue - ``` - - This command will show the raw XML to verify the individual rules that were set. + Then open the XML file created and confirm it contains the rules you expect. In particular, the policy should include at least one rule for each of the EXE, DLL, and MANAGEDINSTALLER RuleCollections. The RuleCollections can either be set to AuditOnly or Enabled. Additionally, the EXE and DLL RuleCollections must include the RuleCollectionExtensions configuration as shown in [Automatically allow apps deployed by a managed installer with Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#create-and-deploy-an-applocker-policy-that-defines-your-managed-installer-rules-and-enables-services-enforcement-for-executables-and-dlls). From e0bac91608bb84eba233e354cbe43c1ea411bed6 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 11 Nov 2022 14:18:19 -0800 Subject: [PATCH 096/108] Moved location of citool doc to operations guide --- .../{ => operations}/citool-commands.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/windows-defender-application-control/{ => operations}/citool-commands.md (100%) diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/citool-commands.md rename to windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md From f00bb5a1cc38ed156b73583c10d46f5c297cac09 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 11 Nov 2022 14:20:48 -0800 Subject: [PATCH 097/108] Update TOC.yml --- .../windows-defender-application-control/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 2c063bad24..637286af55 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -88,7 +88,7 @@ - name: Enforce WDAC policies href: enforce-windows-defender-application-control-policies.md - name: Managing WDAC Policies with CI Tool - href: citool-commands.md + href: operations/citool-commands.md - name: Use code signing to simplify application control for classic Windows applications href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md items: From 9ed0e2259228a4c7132b3a5e225d1e08ee60900b Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 11 Nov 2022 14:26:21 -0800 Subject: [PATCH 098/108] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index c1588e64bc..cae74d63a4 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -420,6 +420,11 @@ "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/citool-commands.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands", + "redirect_document_id": false + }, { "source_path": "devices/hololens/hololens-whats-new.md", "redirect_url": "/hololens/hololens-release-notes", From 5edc3d800e9840d6104da5715ddb971a4a7b4645 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 11 Nov 2022 14:28:21 -0800 Subject: [PATCH 099/108] Update TOC.yml --- .../windows-defender-application-control/TOC.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 637286af55..71ed7b8d83 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml @@ -87,8 +87,6 @@ href: merge-windows-defender-application-control-policies.md - name: Enforce WDAC policies href: enforce-windows-defender-application-control-policies.md - - name: Managing WDAC Policies with CI Tool - href: operations/citool-commands.md - name: Use code signing to simplify application control for classic Windows applications href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md items: @@ -117,6 +115,8 @@ href: operations/known-issues.md - name: Managed installer and ISG technical reference and troubleshooting guide href: configure-wdac-managed-installer.md + - name: Managing WDAC Policies with CI Tool + href: operations/citool-commands.md - name: WDAC AppId Tagging guide href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md items: From 8543f8478bb7ff0bad758a0280be20dc175207d3 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Fri, 11 Nov 2022 14:54:44 -0800 Subject: [PATCH 100/108] Update configure-wdac-managed-installer.md --- .../configure-wdac-managed-installer.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md index c18d896678..c24b6295c9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md @@ -87,8 +87,24 @@ Both managed installer and the ISG depend on AppLocker to provide some functiona ```powershell sc.exe query appidsvc + SERVICE_NAME: appidsvc + TYPE : 30 WIN32 + STATE : 4 RUNNING + (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) + WIN32_EXIT_CODE : 0 (0x0) + SERVICE_EXIT_CODE : 0 (0x0) + CHECKPOINT : 0x0 + WAIT_HINT : 0x0 sc.exe query AppLockerFltr - ``` + SERVICE_NAME: applockerfltr + TYPE : 1 KERNEL_DRIVER + STATE : 4 RUNNING + (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) + WIN32_EXIT_CODE : 0 (0x0) + SERVICE_EXIT_CODE : 0 (0x0) + CHECKPOINT : 0x0 + WAIT_HINT : 0x0 + ``` If not, run *appidtel start* from the elevated PowerShell window and check again. From 46351dda0721825d4630b2ea441d2a2e7e1280cb Mon Sep 17 00:00:00 2001 From: Jay Simmons Date: Sun, 13 Nov 2022 06:26:57 -0800 Subject: [PATCH 101/108] Fix broken "TBD" link reference. --- windows/client-management/mdm/laps-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index 9c383468c7..8b8b53545a 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -63,7 +63,7 @@ The LAPS CSP can be used to manage devices that are either joined to Azure AD or |ResetPasswordStatus|Yes|Yes| > [!IMPORTANT] -> Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see the TBD reference on LAPS policy configuration. +> Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings). ## ./Device/Vendor/MSFT/LAPS From d01cc590c8a5fb62691f9c51fd1a215d59d96073 Mon Sep 17 00:00:00 2001 From: Jay Simmons Date: Sun, 13 Nov 2022 06:28:33 -0800 Subject: [PATCH 102/108] Fix private preview disclaimer text. --- windows/client-management/mdm/laps-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index 8b8b53545a..f5c69b2fcd 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -17,7 +17,7 @@ ms.date: 09/20/2022 The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. This CSP was added in Windows 11 as of version 25145. > [!IMPORTANT] -> Windows LAPS is currently only available in Windows Insider builds as of 25145 and later. Support for the Windows LAPS Azure AD scenario is currently limited to a small group of Windows Insiders. +> Windows LAPS currently is available only in [Windows 11 Insider Preview Build 25145 and later](/windows-insider/flight-hub/#active-development-builds-of-windows-11). Support for the Windows LAPS Azure Active Directory scenario is currently in private preview, and limited to a small number of customers who have a direct engagement with engineering. Once public preview is declared in 2023, all customers will be able to evaluate this AAD scenario. > [!TIP] > This article covers the specific technical details of the LAPS CSP. For more information about the scenarios in which the LAPS CSP would be used, see [Windows Local Administrator Password Solution](/windows-server/identity/laps/laps). From 3fe3054a7f89db76259df84134056aca4d925d3f Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 14 Nov 2022 15:44:41 -0500 Subject: [PATCH 103/108] Experiment data team --- .../hello-for-business/hello-deployment-rdp-certs.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index ed5f5c0edc..85e91958b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -6,7 +6,9 @@ author: paolomatarazzo ms.author: paoloma manager: aaroncz ms.reviewer: prsriva -ms.collection: M365-identity-device-management +ms.collection: + - M365-identity-device-management + - ContentEngagementFY23 ms.topic: article localizationpriority: medium ms.date: 02/22/2021 From 44e44f1484b9f341330a3ed517f75f01ff8b96c9 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 14 Nov 2022 14:20:46 -0800 Subject: [PATCH 104/108] add new article for win10 22h2 --- windows/whats-new/TOC.yml | 4 +- windows/whats-new/index.yml | 26 ++++++------ .../whats-new-windows-10-version-22H2.md | 40 +++++++++++++++++++ 3 files changed, 55 insertions(+), 15 deletions(-) create mode 100644 windows/whats-new/whats-new-windows-10-version-22H2.md diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml index 6a59ce9b38..5c5fc54974 100644 --- a/windows/whats-new/TOC.yml +++ b/windows/whats-new/TOC.yml @@ -12,10 +12,12 @@ - name: Prepare for Windows 11 href: windows-11-prepare.md - name: What's new in Windows 11, version 22H2 - href: whats-new-windows-11-version-22h2.md + href: whats-new-windows-11-version-22h2.md - name: Windows 10 expanded: true items: + - name: What's new in Windows 10, version 22H2 + href: whats-new-windows-10-version-22H2.md - name: What's new in Windows 10, version 21H2 href: whats-new-windows-10-version-21H2.md - name: What's new in Windows 10, version 21H1 diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index 3d11bd96e3..0396341be3 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -1,22 +1,20 @@ ### YamlMime:Landing title: What's new in Windows -summary: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. +summary: Find out about new features and capabilities in the latest release of Windows client for IT professionals. metadata: title: What's new in Windows - description: Find out about new features and capabilities in the latest release of Windows 10 and Windows 11. - services: windows-10 - ms.service: windows-10 - ms.subservice: subservice + description: Find out about new features and capabilities in the latest release of Windows client for IT professionals. + ms.prod: windows-client + ms.technology: itpro-fundamentals ms.topic: landing-page ms.collection: - - windows-10 - highpri author: aczechowski ms.author: aaroncz manager: dougeby - ms.date: 06/03/2022 + ms.date: 11/14/2022 localization_priority: medium landingContent: @@ -38,12 +36,12 @@ landingContent: linkLists: - linkListType: overview links: + - text: What's new in Windows 10, version 22H2 + url: whats-new-windows-10-version-22h2.md - text: What's new in Windows 10, version 21H2 url: whats-new-windows-10-version-21h2.md - text: What's new in Windows 10, version 21H1 url: whats-new-windows-10-version-21h1.md - - text: What's new in Windows 10, version 20H2 - url: whats-new-windows-10-version-20h2.md - title: Learn more linkLists: @@ -54,14 +52,14 @@ landingContent: - text: Windows release health dashboard url: /windows/release-health/ - text: Windows 11 update history - url: https://support.microsoft.com/topic/windows-11-update-history-a19cd327-b57f-44b9-84e0-26ced7109ba9 + url: https://support.microsoft.com/topic/windows-11-version-22h2-update-history-ec4229c3-9c5f-4e75-9d6d-9025ab70fcce - text: Windows 10 update history url: https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb - - text: Windows 10 features we're no longer developing + - text: Windows features we're no longer developing url: /windows/deployment/planning/windows-10-deprecated-features - - text: Features and functionality removed in Windows 10 + - text: Features and functionality removed in Windows url: /windows/deployment/planning/windows-10-removed-features - - text: Compare Windows 10 Editions - url: https://www.microsoft.com/windowsforbusiness/compare + - text: Compare Windows 11 Editions + url: https://www.microsoft.com/windows/business/compare-windows-11 - text: Windows 10 Enterprise LTSC url: ltsc/index.md diff --git a/windows/whats-new/whats-new-windows-10-version-22H2.md b/windows/whats-new/whats-new-windows-10-version-22H2.md new file mode 100644 index 0000000000..7507560cbc --- /dev/null +++ b/windows/whats-new/whats-new-windows-10-version-22H2.md @@ -0,0 +1,40 @@ +--- +title: What's new in Windows 10, version 22H2 for IT pros +description: Learn more about what's new in Windows 10, version 22H2, including how to get it. +ms.prod: windows-client +ms.technology: itpro-fundamentals +ms.author: mstewart +author: mestew +manager: dougeby +ms.localizationpriority: medium +ms.topic: overview +ms.date: 10/18/2022 +--- + +# What's new in Windows 10, version 22H2 + + + +Windows 10, version 22H2 is a feature update for Windows 10. It's a scoped release focused on quality improvements to the overall Windows experience in existing feature areas. It includes all previous cumulative updates to Windows 10, version 21H2. This article is for IT professionals, it lists information about this release that you should know. + +Windows 10, version 22H2 is an [H2-targeted release](/lifecycle/faq/windows#what-is-the-servicing-timeline-for-a-version--feature-update--of-windows-10-), and has the following servicing schedule: + +- **Windows 10 Professional**: Serviced for 18 months from the release date. +- **Windows 10 Enterprise**: Serviced for 30 months from the release date. + +Windows 10, version 22H2 is available through Windows Server Update Services including Configuration Manager, Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 10 2022 Update](https://blogs.windows.com/windowsexperience/2022/10/18/how-to-get-the-windows-10-2022-update/). + +Devices running earlier supported versions of Windows 10 can update to version 22H2 using an enablement package. For more information, see [Feature update to Windows 10, version 22H2 by using an enablement package](https://support.microsoft.com/topic/kb5015684-featured-update-to-windows-10-version-22h2-by-using-an-enablement-package-09d43632-f438-47b5-985e-d6fd704eee61). + +To learn more about the status of the Windows 10, version 22H2 rollout, known issues, and build information, see [Windows 10 release information](/windows/release-health/release-information). + +For more information about updated tools to support this release, see [IT tools to support Windows 10, version 22H2](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-22h2/ba-p/3655750) (`https://aka.ms/W10/tools-for-22H2`) + +## Updates and servicing + +The Windows 10, version 22H2 feature update is installed as part of the general availability channel. Quality updates are still installed monthly on patch Tuesday. + +For more information, see: + +- [Feature and quality update definitions](/windows/deployment/update/waas-quick-start#definitions) +- [Windows servicing channels](/windows/deployment/update/waas-overview#servicing-channels) From 58949d2c6931cbe85698f4d5a82120c2f4f32d4a Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 14 Nov 2022 15:16:40 -0800 Subject: [PATCH 105/108] revise from peer review --- windows/whats-new/whats-new-windows-10-version-22H2.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-22H2.md b/windows/whats-new/whats-new-windows-10-version-22H2.md index 7507560cbc..19a2bb9c46 100644 --- a/windows/whats-new/whats-new-windows-10-version-22H2.md +++ b/windows/whats-new/whats-new-windows-10-version-22H2.md @@ -28,9 +28,7 @@ Devices running earlier supported versions of Windows 10 can update to version 2 To learn more about the status of the Windows 10, version 22H2 rollout, known issues, and build information, see [Windows 10 release information](/windows/release-health/release-information). -For more information about updated tools to support this release, see [IT tools to support Windows 10, version 22H2](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-22h2/ba-p/3655750) (`https://aka.ms/W10/tools-for-22H2`) - -## Updates and servicing +For more information about updated tools to support this release, see [IT tools to support Windows 10, version 22H2](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-22h2/ba-p/3655750). The Windows 10, version 22H2 feature update is installed as part of the general availability channel. Quality updates are still installed monthly on patch Tuesday. From aa191e0e596be3f5590960faae437d11aab7243a Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 14 Nov 2022 16:11:55 -0800 Subject: [PATCH 106/108] fix broken link --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 235382fe70..4173a48861 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -576,7 +576,7 @@ These apps are in addition to any mixed reality apps that you allow. After the admin has completed setup, the kiosk account can sign in and repeat the setup. The admin user may want to complete the kiosk user setup before providing the PC to employees or customers. -There's a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they'll see only a blank display in the device, and won't have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen. +There's a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](/windows/mixed-reality/discover/navigating-the-windows-mixed-reality-home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they'll see only a blank display in the device, and won't have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen. ## Policies set by multi-app kiosk configuration From 41e42b5ed071e9eed175c615e6120ec964516577 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 15 Nov 2022 04:42:41 -0800 Subject: [PATCH 107/108] update support routing --- windows/deployment/update/wufb-reports-admin-center.md | 2 +- .../update/wufb-reports-configuration-intune.md | 2 +- .../update/wufb-reports-configuration-manual.md | 2 +- .../update/wufb-reports-configuration-script.md | 2 +- windows/deployment/update/wufb-reports-enable.md | 2 +- windows/deployment/update/wufb-reports-help.md | 8 ++++---- windows/deployment/update/wufb-reports-overview.md | 2 +- windows/deployment/update/wufb-reports-prerequisites.md | 2 +- windows/deployment/update/wufb-reports-schema.md | 2 +- windows/deployment/update/wufb-reports-use.md | 2 +- windows/deployment/update/wufb-reports-workbook.md | 2 +- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md index e8b2322c33..aff23a1e5b 100644 --- a/windows/deployment/update/wufb-reports-admin-center.md +++ b/windows/deployment/update/wufb-reports-admin-center.md @@ -9,7 +9,7 @@ ms.localizationpriority: medium ms.collection: - M365-analytics ms.topic: article -ms.date: 06/20/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 9109171ed4..dd24c62801 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -9,7 +9,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 08/24/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md index 9a0bdf5d23..c6e2de995b 100644 --- a/windows/deployment/update/wufb-reports-configuration-manual.md +++ b/windows/deployment/update/wufb-reports-configuration-manual.md @@ -9,7 +9,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 06/06/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md index 9ca0d3dcc6..8b2c8fc543 100644 --- a/windows/deployment/update/wufb-reports-configuration-script.md +++ b/windows/deployment/update/wufb-reports-configuration-script.md @@ -9,7 +9,7 @@ ms.author: mstewart ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article -ms.date: 06/16/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md index 7942f2dab4..0da1af6746 100644 --- a/windows/deployment/update/wufb-reports-enable.md +++ b/windows/deployment/update/wufb-reports-enable.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 06/06/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md index 5e16094501..df48a582a8 100644 --- a/windows/deployment/update/wufb-reports-help.md +++ b/windows/deployment/update/wufb-reports-help.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 08/10/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- @@ -51,9 +51,9 @@ You can open support requests directly from the Azure portal. If the **Help + S - **Issue type** - ***Technical*** - **Subscription** - Select the subscription used for Windows Update for Business reports - **Service** - ***My services*** - - **Service type** - ***Log Analytics*** - - **Problem type** - ***Solutions or Insights*** - - **Problem subtype** - ***Update Compliance*** + - **Service type** - ***Monitoring and Management*** + - **Problem type** - ***Windows Update for Business reports*** + 1. Based on the information you provided, you'll be shown some **Recommended solutions** you can use to try to resolve the problem. 1. Complete the **Additional details** tab and then create the request on the **Review + create** tab. diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md index d4dea38ed6..6315bbdd8c 100644 --- a/windows/deployment/update/wufb-reports-overview.md +++ b/windows/deployment/update/wufb-reports-overview.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 08/09/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md index 1d0a3fc734..d8b3d96e52 100644 --- a/windows/deployment/update/wufb-reports-prerequisites.md +++ b/windows/deployment/update/wufb-reports-prerequisites.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 06/30/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md index cfa13279e3..8b2936c9bc 100644 --- a/windows/deployment/update/wufb-reports-schema.md +++ b/windows/deployment/update/wufb-reports-schema.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: reference -ms.date: 06/06/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md index 6d22e58405..060f404688 100644 --- a/windows/deployment/update/wufb-reports-use.md +++ b/windows/deployment/update/wufb-reports-use.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 06/06/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md index 3786290923..3d1083467a 100644 --- a/windows/deployment/update/wufb-reports-workbook.md +++ b/windows/deployment/update/wufb-reports-workbook.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.collection: M365-analytics ms.topic: article -ms.date: 10/24/2022 +ms.date: 11/15/2022 ms.technology: itpro-updates --- From 21692a767d7a40811ace9c9dd48d166143eef07b Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 15 Nov 2022 09:58:50 -0500 Subject: [PATCH 108/108] Metadata updates across different articles --- education/index.yml | 6 ------ education/windows/federated-sign-in.md | 8 -------- education/windows/windows-11-se-faq.yml | 8 -------- .../identity-protection/hello-for-business/hello-faq.yml | 4 ++-- .../identity-protection/hello-for-business/index.yml | 3 ++- windows/security/index.yml | 5 +++-- 6 files changed, 7 insertions(+), 27 deletions(-) diff --git a/education/index.yml b/education/index.yml index 1a3a69e704..ef45124188 100644 --- a/education/index.yml +++ b/education/index.yml @@ -2,19 +2,13 @@ title: Microsoft 365 Education Documentation summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education. -# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin brand: m365 metadata: title: Microsoft 365 Education Documentation description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers. - ms.service: help ms.topic: hub-page - ms.collection: education - author: paolomatarazzo - ms.author: paoloma ms.date: 08/10/2022 - manager: aaroncz productDirectory: title: For IT admins diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md index 906d45d919..7a3ef3172c 100644 --- a/education/windows/federated-sign-in.md +++ b/education/windows/federated-sign-in.md @@ -2,15 +2,7 @@ title: Configure federated sign-in for Windows devices description: Description of federated sign-in feature for Windows 11 SE and how to configure it via Intune ms.date: 09/15/2022 -ms.prod: windows -ms.technology: windows ms.topic: how-to -ms.localizationpriority: medium -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: -manager: aaroncz -ms.collection: education appliesto: - ✅ Windows 11 SE --- diff --git a/education/windows/windows-11-se-faq.yml b/education/windows/windows-11-se-faq.yml index aaf843df04..c45c1980a0 100644 --- a/education/windows/windows-11-se-faq.yml +++ b/education/windows/windows-11-se-faq.yml @@ -2,15 +2,7 @@ metadata: title: Windows 11 SE Frequently Asked Questions (FAQ) description: Use these frequently asked questions (FAQ) to learn important details about Windows 11 SE. - ms.prod: windows - ms.technology: windows - author: paolomatarazzo - ms.author: paoloma - manager: aaroncz - ms.reviewer: - ms.collection: education ms.topic: faq - localizationpriority: medium ms.date: 09/14/2022 appliesto: - ✅ Windows 11 SE diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index c43ef81413..5f6545b0df 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -3,8 +3,8 @@ metadata: title: Windows Hello for Business Frequently Asked Questions (FAQ) description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport - ms.prod: m365-security - ms.mktglfcycl: deploy + ms.prod: windows-client + ms.technology: itpro-security ms.sitesec: library ms.pagetype: security, mobile audience: ITPro diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml index 3907b4b422..0f14b0a619 100644 --- a/windows/security/identity-protection/hello-for-business/index.yml +++ b/windows/security/identity-protection/hello-for-business/index.yml @@ -6,7 +6,8 @@ summary: Learn how to manage and deploy Windows Hello for Business. metadata: title: Windows Hello for Business documentation description: Learn how to manage and deploy Windows Hello for Business. - ms.prod: m365-security + ms.prod: windows-client + ms.technology: itpro-security ms.topic: landing-page author: paolomatarazzo ms.author: paoloma diff --git a/windows/security/index.yml b/windows/security/index.yml index bca2ee7b90..57d27d3093 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -6,8 +6,9 @@ summary: Built with Zero Trust principles at the core to safeguard data and acce metadata: title: Windows security # Required; page title displayed in search results. Include the brand. < 60 chars. description: Learn about Windows security # Required; article description that is displayed in search results. < 160 chars. - ms.topic: landing-page # Required - ms.prod: windows + ms.topic: landing-page + ms.prod: windows-client + ms.technology: itpro-security ms.collection: - m365-security-compliance - highpri