-For more information about AGPM, and to get the license, see [Advanced Group Policy Management 4.0 Documents](https://www.microsoft.com/en-us/download/details.aspx?id=13975). +For more information about AGPM, and to get the license, see [Advanced Group Policy Management 4.0 Documents](https://www.microsoft.com/download/details.aspx?id=13975). diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md index 00029e6c5b..a4ca6348ac 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md +++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md @@ -127,7 +127,7 @@ We recommend that enterprise customers focus their new development on establishe - [Document modes](https://msdn.microsoft.com/library/dn384051(v=vs.85).aspx) - [What is Enterprise Mode?](what-is-enterprise-mode.md) - [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) -- [Enterprise Site Discovery Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=44570) +- [Enterprise Site Discovery Toolkit](https://www.microsoft.com/download/details.aspx?id=44570) - [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md index 0212685d25..0f89abe875 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md @@ -163,6 +163,6 @@ Because the tool is open-source, the source code is readily available for examin - [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx) -- [Microsoft Services Support](https://www.microsoft.com/en-us/microsoftservices/support.aspx) +- [Microsoft Services Support](https://www.microsoft.com/microsoftservices/support.aspx) - [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search) diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 6d0b1dcf12..f2d6ca4c03 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -35,7 +35,7 @@ Critical cloud services include: - Azure active directory (AAD) - Windows Update (WU) -Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure in order to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune) as an example though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2. +Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure in order to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2. HoloLens does support a limited set of cloud disconnected experiences. diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md index 22c5e995db..60289bad05 100644 --- a/devices/hololens/hololens-status.md +++ b/devices/hololens/hololens-status.md @@ -21,8 +21,8 @@ ms.sitesec: library Area|HoloLens (1st gen)|HoloLens 2 ----|:----:|:----: [Azure services](https://status.azure.com/en-us/status)|✔️|✔️ -[Store app](https://www.microsoft.com/en-us/store/collections/hlgettingstarted/hololens)|✔️|✔️ -[Apps](https://www.microsoft.com/en-us/hololens/apps)|✔️|✔️ +[Store app](https://www.microsoft.com/store/collections/hlgettingstarted/hololens)|✔️|✔️ +[Apps](https://www.microsoft.com/hololens/apps)|✔️|✔️ [MDM](https://docs.microsoft.com/en-us/hololens/hololens-enroll-mdm)|✔️|✔️ ## Notes and related topics diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index 20f13c7d1b..a834e039ee 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -77,7 +77,7 @@ From here on, you'll need to finish the account creation process using PowerShel In order to run cmdlets used by these PowerShell scripts, the following must be installed for the admin PowerShell console: -- [Microsoft Online Services Sign-In Assistant for IT Professionals RTW](https://www.microsoft.com/en-us/download/details.aspx?id=41950) +- [Microsoft Online Services Sign-In Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950) - [Windows Azure Active Directory Module for Windows PowerShell](https://www.microsoft.com/web/handlers/webpi.ashx/getinstaller/WindowsAzurePowershellGet.3f.3f.3fnew.appids) - [Skype for Business Online, Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366) diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index 5bea64a216..2e9e29bded 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -63,10 +63,12 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too. ```PowerShell + $acctUpn = Get-Mailbox -Identity "
+
+
August 17, 2019—update for Team edition based on KB4512474* (OS Build 15063.2021)
+ +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + + * Ensures that Video Out on Hub 2S defaults to "Duplicate" mode. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4503289](https://support.microsoft.com/help/4503289) +June 18, 2019—update for Team edition based on KB4503289* (OS Build 15063.1897)
@@ -31,6 +42,9 @@ This update to the Surface Hub includes quality improvements and security fixes. * Addresses an issue with log collection for Microsoft Surface Hub 2S. * Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully. +* Adds support for TLS 1.2 connections to identity providers and Exchange in device account setup scenarios. +* Fixes to improve reliability of Hardware Diagnostic App on Hub 2S. +* Fix to improve consistency of first-run setup experience on Hub 2S. Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. *[KB4503289](https://support.microsoft.com/help/4503289) diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md index e0df401dea..7ccc8ed708 100644 --- a/devices/surface/assettag.md +++ b/devices/surface/assettag.md @@ -29,7 +29,7 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices. To run Surface Asset Tag: 1. On the Surface device, download **Surface Asset Tag.zip** from the [Microsoft Download - Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703), + Center](https://www.microsoft.com/download/details.aspx?id=46703), extract the zip file, and save AssetTag.exe in desired folder (in this example, C:\\assets). diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md index ea5592fb85..258912cc3d 100644 --- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md +++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md @@ -55,7 +55,7 @@ Before you can perform a deployment with MDT, you must first supply a set of ope >[!NOTE] ->The installation media generated from the [Get Windows 10](https://www.microsoft.com/en-us/software-download/windows10/) page differs from physical media or media downloaded from the VLSC, in that it contains an image file in Electronic Software Download (ESD) format rather than in the Windows Imaging (WIM) format. Installation media with an image file in WIM format is required for use with MDT. Installation media from the Get Windows 10 page cannot be used for Windows deployment with MDT. +>The installation media generated from the [Get Windows 10](https://www.microsoft.com/software-download/windows10/) page differs from physical media or media downloaded from the VLSC, in that it contains an image file in Electronic Software Download (ESD) format rather than in the Windows Imaging (WIM) format. Installation media with an image file in WIM format is required for use with MDT. Installation media from the Get Windows 10 page cannot be used for Windows deployment with MDT. #### Windows Server @@ -64,7 +64,7 @@ Although MDT can be installed on a Windows client, to take full advantage of Win >[!NOTE] ->To evaluate the deployment process for Surface devices or to test the deployment process described in this article with the upcoming release of Windows Server 2016, you can download evaluation and preview versions from the [TechNet Evaluation Center](https://www.microsoft.com/en-us/evalcenter). +>To evaluate the deployment process for Surface devices or to test the deployment process described in this article with the upcoming release of Windows Server 2016, you can download evaluation and preview versions from the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter). #### Windows Deployment Services @@ -82,7 +82,7 @@ Because customizations are performed by MDT at the time of deployment, the goal >[!NOTE] ->Hyper-V is available not only on Windows Server, but also on Windows clients, including Professional and Enterprise editions of Windows 8, Windows 8.1, and Windows 10. Find out more at [Client Hyper-V on Windows 10](https://msdn.microsoft.com/virtualization/hyperv_on_windows/windows_welcome) and [Client Hyper-V on Windows 8 and Windows 8.1](https://technet.microsoft.com/library/hh857623) in the TechNet Library. Hyper-V is also available as a standalone product, Microsoft Hyper-V Server, at no cost. You can download [Microsoft Hyper-V Server 2012 R2](https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2012-r2) or [Microsoft Hyper-V Server 2016 Technical Preview](https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-technical-preview) from the TechNet Evaluation Center. +>Hyper-V is available not only on Windows Server, but also on Windows clients, including Professional and Enterprise editions of Windows 8, Windows 8.1, and Windows 10. Find out more at [Client Hyper-V on Windows 10](https://msdn.microsoft.com/virtualization/hyperv_on_windows/windows_welcome) and [Client Hyper-V on Windows 8 and Windows 8.1](https://technet.microsoft.com/library/hh857623) in the TechNet Library. Hyper-V is also available as a standalone product, Microsoft Hyper-V Server, at no cost. You can download [Microsoft Hyper-V Server 2012 R2](https://www.microsoft.com/evalcenter/evaluate-hyper-v-server-2012-r2) or [Microsoft Hyper-V Server 2016 Technical Preview](https://www.microsoft.com/evalcenter/evaluate-hyper-v-server-technical-preview) from the TechNet Evaluation Center. #### Surface firmware and drivers diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md index 3688553be3..a2d74d331c 100644 --- a/devices/surface/microsoft-surface-data-eraser.md +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -68,7 +68,7 @@ Some scenarios where Microsoft Surface Data Eraser can be helpful include: To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool: -1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703). +1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=46703). 2. Select the check box to accept the terms of the license agreement, and then click **Install**. diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md index 47046fbd72..293aeafe93 100644 --- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md +++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md @@ -36,6 +36,6 @@ The diagnosis and repair time averages 15 minutes but could take an hour or long If the Surface Diagnostic Toolkit for Business didn’t fix the problem, you can also: -- Make an in-store appointment: We might be able to fix the problem or provide a replacement Surface at your local Microsoft Store. [Locate a Microsoft Store near you](https://www.microsoft.com/en-us/store/locations/find-a-store?WT.mc_id=MSC_Solutions_en_us_scheduleappt). +- Make an in-store appointment: We might be able to fix the problem or provide a replacement Surface at your local Microsoft Store. [Locate a Microsoft Store near you](https://www.microsoft.com/store/locations/find-a-store?WT.mc_id=MSC_Solutions_en_us_scheduleappt). - Contact customer support: If you want to talk to someone about how to fix your problem, [contact us](https://support.microsoft.com/en-us/help/4037645/contact-surface-warranty-and-software-support-for-business). - Get your Surface serviced: If your Surface product needs service, [request it online](https://mybusinessservice.surface.com/). diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index df65b6c73d..5944375042 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -226,7 +226,9 @@ create a reset package using PowerShell to reset SEMM. ## Version History - +### Version 2.54.139.0 +* Support to Surface Hub 2S +* Bug fixes ### Version 2.43.136.0 * Support to enable/disable simulatenous multithreating diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index fc7cf4147e..fc560e5345 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -52,7 +52,7 @@ You will also need to have available the following resources: * Windows 10 installation files, such as the installation media downloaded from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx) >[!NOTE] - >Installation media for use with MDT must contain a Windows image in Windows Imaging Format (.wim). Installation media produced by the [Get Windows 10](https://www.microsoft.com/en-us/software-download/windows10/) page does not use a .wim file, instead using an Electronic Software Download (.esd) file, which is not compatible with MDT. + >Installation media for use with MDT must contain a Windows image in Windows Imaging Format (.wim). Installation media produced by the [Get Windows 10](https://www.microsoft.com/software-download/windows10/) page does not use a .wim file, instead using an Electronic Software Download (.esd) file, which is not compatible with MDT. * [Surface firmware and drivers](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) for Windows 10 * Application installation files for any applications you want to install, such as the Surface app diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index dff968bbf3..0432c65257 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -44,7 +44,7 @@ Management of SEMM with Configuration Manager requires the installation of Micro #### Download SEMM scripts for Configuration Manager -After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://www.microsoft.com/en-us/download/details.aspx?id=46703) from the Download Center. +After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://www.microsoft.com/download/details.aspx?id=46703) from the Download Center. ## Deploy Microsoft Surface UEFI Manager @@ -378,7 +378,7 @@ The following code fragment, found on lines 380-477, is used to write these regi ### Settings names and IDs -To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/en-us/download/details.aspx?id=46703) +To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703) The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device. diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index 8134359845..aee66dbdb7 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -19,39 +19,10 @@ Windows Autopilot is a cloud-based deployment technology available in Windows 10 With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process can eliminate need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution. -In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. - -## Prerequisites -Enrollment of Surface devices in Windows Autopilot with a Surface partner enabled for Windows Autopilot has the following licensing requirements for each enrolled Surface device: -* **Azure Active Directory Premium** – Required to enroll your devices in your organization and to automatically enroll devices in your organization’s mobile management solution. -* **Mobile Device Management (such as Microsoft Intune)** – Required to remotely deploy applications, configure, and manage your enrolled devices. -* **Office 365 ProPlus** – Required to deploy Microsoft Office to your enrolled devices. - -These requirements are also met by the following solutions: -* Microsoft 365 E3 or E5 (includes Azure Active Directory Premium, Microsoft Intune, and Office 365 ProPlus) - -Or -* Enterprise Mobility + Security E3 or E5 (includes Azure Active Directory Premium and Microsoft Intune) -* Office 365 ProPlus, E3, or E5 (includes Office 365 ProPlus) - ->[!NOTE] ->Deployment of devices using Windows Autopilot to complete the Out-of-Box Experience (OOBE) is supported without these prerequisites, however will yield deployed devices without applications, configuration, or enrollment in a management solution and is highly discouraged. +In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. For information about licensing and other prerequisites, see [Windows Autopilot requirements](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements). ### Windows version considerations -Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update). Windows 10 Version 1709 uses a secure 4096-bit (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. - -### Surface device support -Surface devices with support for out-of-box deployment with Windows Autopilot, enrolled during the purchase process with a Surface partner, include the following devices, where the devices ship from the factory with Windows 10 Version 1709: - -* Surface Pro (5th gen) -* Surface Laptop(1st gen) -* Surface Studio (1st gen) -* Surface Pro 6 -* Surface Book 2 -* Surface Laptop 2 -* Surface Studio 2 -* Surface Go -* Surface Go with LTE Advanced +Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. All new Surface devices ship with Windows 10 Version 1709 or above. ## Surface partners enabled for Windows Autopilot Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management. @@ -63,4 +34,3 @@ When you purchase Surface devices from a Surface partner enabled for Windows Aut - [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) - [SHI](https://www.shi.com/Surface) - diff --git a/education/index.md b/education/index.md index 8dfa606f42..2bd9d1a152 100644 --- a/education/index.md +++ b/education/index.md @@ -26,7 +26,7 @@ ms.prod: w10
diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md
index f1d88dc8c8..7c079f414b 100644
--- a/education/trial-in-a-box/educator-tib-get-started.md
+++ b/education/trial-in-a-box/educator-tib-get-started.md
@@ -339,7 +339,7 @@ For more information about checking for updates, and how to optionally turn on a
## Get more info
* Learn more at microsoft.com/education
* Find out if your school is eligible for a device trial at aka.ms/EDUTrialInABox
-* Buy Windows 10 devices
+* Buy Windows 10 devices
diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index b4cdaad1f4..04b239b53b 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -278,4 +278,4 @@ For more information about checking for updates, and how to optionally turn on a ## Get more info * Learn more at microsoft.com/education * Find out if your school is eligible for a device trial at aka.ms/EDUTrialInABox -* Buy Windows 10 devices +* Buy Windows 10 devices diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index da30be64ef..af1534d6a3 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -37,7 +37,7 @@ Before you change to Windows 10 Pro Education, make sure you meet these requirem - The user making the changes must be a member of the Azure AD global administrator group. ## Compare Windows 10 Pro and Pro Education editions -You can [compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) to find out more about the features we support in other editions of Windows 10. +You can [compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare) to find out more about the features we support in other editions of Windows 10. For more info about Windows 10 default settings and recommendations for education customers, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). @@ -314,6 +314,6 @@ For more information about integrating on-premises AD DS domains with Azure AD, [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) -[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) +[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare) [Windows 10 subscription activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation) diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index bb621c32d8..027127211f 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -26,7 +26,7 @@ This guide shows you how to deploy the Windows 10 operating system in a school d Proper preparation is essential for a successful district deployment. To avoid common mistakes, your first step is to plan a typical district configuration. Just as with building a house, you need a blueprint for what your district and individual schools should look like when it’s finished. The second step in preparation is to learn how you will manage the users, apps, and devices in your district. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your district. ->**Note** This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/en-us/cloud-platform/mobile-device-management). +>**Note** This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/cloud-platform/mobile-device-management). ### Plan a typical district configuration @@ -115,7 +115,7 @@ The configuration process requires the following devices: * **Admin device.** This is the device you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the System Center Configuration Manager Console on this device. * **Reference devices.** These are the devices that you will use as a template for the faculty and student devices. You install Windows 10 and Windows desktop apps on these devices, and then capture an image (.wim file) of the devices. - You will have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/en-us/windows/view-all). + You will have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/windows/view-all). * **Faculty and staff devices.** These are the devices that the teachers, faculty, and staff use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices. * **Student devices.** The students will use these devices. You will use the admin device deploy (or upgrade) Windows 10 and apps to them. @@ -550,7 +550,7 @@ In this section, you installed the Windows ADK and MDT on the admin device. You Office 365 is one of the core components of your classroom environment. You create and manage student identities in Office 365, and students and teachers use the suite as their email, contacts, and calendar system. They also use Office 365 collaboration features such as SharePoint, OneNote, and OneDrive for Business. -As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/en-us/education/products/office-365-deployment-resources/default.aspx). +As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/education/products/office-365-deployment-resources/default.aspx). ### Select the appropriate Office 365 Education license plan @@ -991,7 +991,7 @@ Depending on your school’s requirements, you may need any combination of the f >**Note** Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business—features not available in Windows 10 Home. For more information about how to upgrade Windows 10 Home to Windows 10 Pro or Windows 10 Education, see [Windows 10 edition upgrade](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades). -For more information about the Windows 10 editions, see [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +For more information about the Windows 10 editions, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). One other consideration is the mix of processor architectures you will support. If you can, support only 64-bit versions of Windows 10. If you have devices that can run only 32-bit versions of Windows 10, you will need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above. diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index f1696a220d..ed3de28f37 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -164,7 +164,7 @@ In this section, you installed the Windows ADK and MDT on the admin device. You Office 365 is one of the core components of your classroom environment. You create and manage student identities in Office 365, and students and teachers use the suite as their email, contacts, and calendar system. Teachers and students use Office 365 collaboration features such as SharePoint, OneNote, and OneDrive for Business. -As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/en-us/education/products/office-365-deployment-resources/default.aspx). +As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/education/products/office-365-deployment-resources/default.aspx). ### Select the appropriate Office 365 Education license plan diff --git a/education/windows/index.md b/education/windows/index.md index 0f1dedb139..80684834ef 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -19,8 +19,8 @@ ms.date: 10/13/2017 ##  Learn
[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
-[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) +[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare) diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index 8f8f6c6aa2..1ec8ad81a4 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -51,7 +51,7 @@ Due to these reasons, we recommend that you use the installation tool and avoid Before you install Windows 10 in S mode on your existing Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise device: * Make sure that you updated your existing device to Windows 10, version 1703 (Creators Update). - See [Download Windows 10](https://www.microsoft.com/en-us/software-download/windows10) and follow the instructions to update your device to Windows 10, version 1703. You can verify your current version in **Settings > System > About**. + See [Download Windows 10](https://www.microsoft.com/software-download/windows10) and follow the instructions to update your device to Windows 10, version 1703. You can verify your current version in **Settings > System > About**. * Install the latest Windows Update. @@ -184,7 +184,7 @@ If you see this message, follow these steps to stop receiving the message: To use an installation media to reinstall Windows 10, follow these steps. -1. On a working PC, go to the [Microsoft software download website](https://www.microsoft.com/en-us/software-download/windows10). +1. On a working PC, go to the [Microsoft software download website](https://www.microsoft.com/software-download/windows10). 2. Download the Media Creation Tool and then run it. 3. Select **Create installation media for another PC**. 4. Choose a language, edition, and architecture (64-bit or 32-bit). diff --git a/mdop/agpm/whats-new-in-agpm-40-sp3.md b/mdop/agpm/whats-new-in-agpm-40-sp3.md index 4e65034c54..dbe0512e16 100644 --- a/mdop/agpm/whats-new-in-agpm-40-sp3.md +++ b/mdop/agpm/whats-new-in-agpm-40-sp3.md @@ -30,7 +30,7 @@ AGPM 4.0 SP3 adds support for the Windows 10 and Windows Server 2016 operating ### Support for PowerShell -AGPM 4.0 SP3 adds support for PowerShell cmdlets. For a list of the cmdlets available in AGPM 4.0 SP3, including descriptions and syntax, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx). +AGPM 4.0 SP3 adds support for PowerShell cmdlets. For a list of the cmdlets available in AGPM 4.0 SP3, including descriptions and syntax, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://docs.microsoft.com/powershell/mdop/get-started?view=win-mdop2-ps). ### Customer feedback and hotfix rollup diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index 3013d8a294..08d550209b 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -19,7 +19,7 @@ author: shortpatti This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 ### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 -[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=58345) +[Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=58345) #### Steps to update the MBAM Server for existing MBAM environment 1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features). diff --git a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md index 185ace5f1b..166bfb30c5 100644 --- a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md +++ b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md @@ -26,7 +26,7 @@ MDOP Group Policy templates are available for download in a self-extracting, com **How to download and deploy the MDOP Group Policy templates** -1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531). +1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/download/details.aspx?id=55531). 2. Run the downloaded file to extract the template folders. diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 970711d8a8..22f5eca17c 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -352,7 +352,7 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** colla
\MDOP_ADMX_Templates.cab -F:* `
diff --git a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
index cbdc80df01..2701e18c6d 100644
--- a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
+++ b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md
@@ -31,7 +31,7 @@ ADMX files can be installed and tested locally on any computer that runs the Win
**To download the UE-V ADMX templates**
-1. Download the UE-V ADMX template files: .
+1. Download the UE-V ADMX template files: .
2. For more information about how to deploy the Group Policy templates, see .
diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
index d918fb1b54..111954ec45 100644
--- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
+++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
@@ -114,7 +114,7 @@ Before you proceed, make sure your environment includes these requirements for r
-**Note:** Starting with Windows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack
+**Note:** Starting with Windows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack
Also…
diff --git a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
index 9d9a9348ec..157d07c277 100644
--- a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
+++ b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
@@ -710,7 +710,7 @@ Also…
**Note**
-- Starting with WIndows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack.
+- Starting with WIndows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack.
- The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](https://go.microsoft.com/fwlink/?LinkId=309609).
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index de500f83cb..1215008fc9 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -23,7 +23,7 @@ Windows Autopilot simplifies device set up for IT Admins. For an overview of ben
Watch this video to learn more about Windows Autopilot in Microsoft Store for Business.
-> [!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
+> [!video https://www.microsoft.com/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
## What is Windows Autopilot?
In Microsoft Store for Business, you can manage devices for your organization and apply an *Autopilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device.
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index 91926ff30c..910454c958 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -42,7 +42,7 @@ Previous versions of App-V have required you to manually remove your unpublished
### App-V is now a feature in Windows 10
-With Windows 10, version 1607 and later releases, App-V is now included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack.
+With Windows 10, version 1607 and later releases, App-V is now included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack.
To learn more about earlier versions of App-V, see [MDOP Information Experience](https://docs.microsoft.com/microsoft-desktop-optimization-pack/index).
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index 3dbd5d0ae9..a913ce8a38 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -346,7 +346,7 @@ This process will recreate both the local and network locations for AppData and
In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are input as PowerShell commands on the computer running the App-V Client.
-This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177).
+This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/download/details.aspx?id=38177).
The App-V application lifecycle tasks are triggered at user sign in (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell).
@@ -799,7 +799,7 @@ App-V packages contain the Manifest file inside of the App-V Package file, which
### Examples of dynamic configuration files
-The following example shows the combination of the Manifest, Deployment Configuration, and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only, not to be a complete description of the specific categories available in each file. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760).
+The following example shows the combination of the Manifest, Deployment Configuration, and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only, not to be a complete description of the specific categories available in each file. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760).
#### Manifest
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index 5af97d8c38..6e88aa4a89 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -62,5 +62,5 @@ Using Group Policy, you can turn on the **Enable automatic cleanup of unused App
## Related topics
- [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
-- [Download the Microsoft Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/en-us/download/details.aspx?id=41186)
+- [Download the Microsoft Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/download/details.aspx?id=41186)
- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 79a0d77597..96b334816f 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -32,7 +32,7 @@ ms.topic: article
1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
* The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
- * The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
+ * The [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home).
2. Copy the App-V server installation files to the computer on which you want to install it.
3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**.
4. Review and accept the license terms, and choose whether to enable Microsoft updates.
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index 126da2945c..22c9ac4efb 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -86,7 +86,7 @@ The following table provides a full list of supported integration points for Off
### Office 2010 App-V Packages
-* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399)
+* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/kb/2828619)
* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069)
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 0bc8d491a1..09ff627f45 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -30,7 +30,7 @@ To learn how to configure the App-V client to enable only administrators to publ
## Related topics
-- [App-V and Citrix integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885)
+- [App-V and Citrix integration](https://www.microsoft.com/download/details.aspx?id=40885)
- [Operations for App-V](appv-operations.md)
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index ae16a7025e..cb14cc7f5c 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -45,7 +45,7 @@ App-V offers the following five server components, each of which serves a specif
All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from either of the following locations:
* The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from this site.
-* The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
+* The [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home).
In large organizations, you might want to install more than one instance of the server components to get the following benefits.
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index a05b56167e..f39cd72041 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -18,7 +18,7 @@ ms.topic: article
Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
-With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
+With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).
@@ -35,13 +35,13 @@ To start using App-V to deliver virtual applications to users, you’ll need to
| Component | What it does | Where to find it |
|------------|--|------|
-| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| +| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| | App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.
To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | | App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). | For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md). -If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx). +If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/learning/default.aspx). ## Getting started with App-V diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 40047a8bd9..155f59650e 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -31,7 +31,7 @@ You should read and understand the following information before reading this doc - [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) -- [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760) +- [App-V Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760) **Note** Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index 99a25f7fda..214bb3c9bd 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -30,7 +30,7 @@ The following list displays the end–to-end high-level workflow for reporting i To confirm SQL Server Reporting Services is running, enter in a web browser as administrator on the server that will host App-V Reporting. The SQL Server Reporting Services Home page should appear.
2. Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a standalone computer and connect it to the database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server.
-3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports](https://www.microsoft.com/en-us/download/details.aspx?id=42630).
+3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports](https://www.microsoft.com/download/details.aspx?id=42630).
> [!NOTE]
>If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V.
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index 83bfa11219..e075bff689 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -22,7 +22,7 @@ This topic provides information about using the Application Virtualization (App-
## Obtain the client management console
-The client management console is separate from the App-V client itself. You can download the client management console from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=41186).
+The client management console is separate from the App-V client itself. You can download the client management console from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=41186).
> [!NOTE]
> To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V client.
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 53121c3c18..51a347d915 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -92,7 +92,7 @@ Revision=1
If a per-user service can't be disabled using a the security template, you can disable it by using Group Policy preferences.
-1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/en-us/download/details.aspx?id=45520) installed, click **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
+1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, click **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
2. Create a new Group Policy Object (GPO) or use an existing GPO.
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
index e83a4bf8bd..5f1c4ea9c9 100644
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md
@@ -14,8 +14,8 @@ ms.topic: troubleshooting
# Advanced troubleshooting for Windows boot problems
->[!NOTE]
->This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
+> [!NOTE]
+> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
## Summary
@@ -58,14 +58,14 @@ Here is a summary of the boot sequence, what will be seen on the display, and ty
Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
->[!NOTE]
->If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
+> [!NOTE]
+> If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
>
->`Bcdedit /set {default} recoveryenabled no`
+> `Bcdedit /set {default} recoveryenabled no`
>
->If the F8 options don't work, run the following command:
+> If the F8 options don't work, run the following command:
>
->`Bcdedit /set {default} bootmenupolicy legacy`
+> `Bcdedit /set {default} bootmenupolicy legacy`
## BIOS phase
@@ -98,11 +98,10 @@ The Startup Repair tool automatically fixes many common problems. The tool also
To do this, follow these steps.
->[!NOTE]
->For additional methods to start WinRE, see [Entry points into WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
+> [!NOTE]
+> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
-1. Start the system to the installation media for the installed version of Windows.
- **Note** For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
+1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
@@ -132,8 +131,8 @@ To repair the boot sector, run the following command:
BOOTREC /FIXBOOT
```
->[!NOTE]
->Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
+> [!NOTE]
+> Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
### Method 3: Fix BCD errors
@@ -152,20 +151,25 @@ If you receive BCD-related errors, follow these steps:
```
4. You might receive one of the following outputs:
-
- - Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 0
+ ```dos
+ Scanning all disks for Windows installations. Please wait, since this may take a while ...
+ Successfully scanned Windows installations. Total identified Windows installations: 0
The operation completed successfully.
+ ```
- - Scanning all disks for Windows installations. Please wait, since this may take a while... Successfully scanned Windows installations. Total identified Windows installations: 1
+ ```dos
+ Scanning all disks for Windows installations. Please wait, since this may take a while ...
+ Successfully scanned Windows installations. Total identified Windows installations: 1
D:\Windows
Add installation to boot list? Yes/No/All:
+ ```
If the output shows **windows installation: 0**, run the following commands:
```dos
bcdedit /export c:\bcdbackup
-attrib c:\\boot\\bcd -h -r –s
+attrib c:\\boot\\bcd -r –s -h
ren c:\\boot\\bcd bcd.old
@@ -174,39 +178,41 @@ bootrec /rebuildbcd
After you run the command, you receive the following output:
- Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows
+```dos
+Scanning all disks for Windows installations. Please wait, since this may take a while ...
+Successfully scanned Windows installations. Total identified Windows installations: 1
+{D}:\Windows
Add installation to boot list? Yes/No/All: Y
+```
-5. Try again to start the system.
+5. Try restarting the system.
### Method 4: Replace Bootmgr
-If methods 1 and 2 do not fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this, follow these steps:
+If methods 1, 2 and 3 do not fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this, follow these steps:
1. At a command prompt, change the directory to the System Reserved partition.
2. Run the **attrib** command to unhide the file:
```dos
- attrib-s -h -r
+ attrib -r -s -h
```
3. Run the same **attrib** command on the Windows (system drive):
```dos
- attrib-s -h –r
+ attrib -r -s -h
```
4. Rename the Bootmgr file as Bootmgr.old:
```dos
- ren c:\\bootmgr bootmgr.old
+ ren c:\bootmgr bootmgr.old
```
-5. Start a text editor, such as Notepad.
+5. Navigate to the system drive.
-6. Navigate to the system drive.
+6. Copy the Bootmgr file, and then paste it to the System Reserved partition.
-7. Copy the Bootmgr file, and then paste it to the System Reserved partition.
-
-8. Restart the computer.
+7. Restart the computer.
### Method 5: Restore System Hive
@@ -267,16 +273,16 @@ For detailed instructions, see [How to perform a clean boot in Windows](https://
If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
[Troubleshooting boot problem caused by missing driver signature (x64)](https://blogs.technet.microsoft.com/askcore/2012/04/15/troubleshooting-boot-issues-due-to-missing-driver-signature-x64/)
->[!NOTE]
->If the computer is a domain controller, try Directory Services Restore mode (DSRM).
+> [!NOTE]
+> If the computer is a domain controller, try Directory Services Restore mode (DSRM).
>
->This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
+> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
**Examples**
->[!WARNING]
->Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
+> [!WARNING]
+> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
problems can be solved. Modify the registry at your own risk.
*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
@@ -307,11 +313,11 @@ For additional troubleshooting steps, see the following articles:
To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
-1. Open a Command Prompt winodw in WinRE.
+1. Open a Command Prompt window in WinRE.
2. Run the command:
```dos
- dism /image:C:\ /get-packages
+ DISM /image:C:\ /get-packages
```
3. If there are any pending updates, uninstall them by running the following commands:
@@ -319,7 +325,7 @@ To fix problems that occur after you install Windows updates, check for pending
DISM /image:C:\ /remove-package /packagename: name of the package
```
```dos
- Dism /Image:C:\ /Cleanup-Image /RevertPendingActions
+ DISM /Image:C:\ /Cleanup-Image /RevertPendingActions
```
Try to start the computer.
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index 4a0423c1e7..c6fe7134c8 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -98,7 +98,7 @@ As you review the roles in your organization, you can use the following generali
Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
-**MDM**: [MDM](https://www.microsoft.com/en-us/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.
+**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.
**Group Policy** and **System Center Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and System Center Configuration Manager continue to be excellent management choices:
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 85de08a137..5c2dcefdc4 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -114,7 +114,7 @@ Example: Export the Debug logs
## Collect logs from Windows 10 Mobile devices
-Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/en-us/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
+Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
**To collect logs manually**
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 714c0ec093..6360bcb775 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -156,8 +156,8 @@ Requirements:
>[!IMPORTANT]
>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps:
> 1. Download:
-> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or
-> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/en-us/download/details.aspx?id=57576).
+> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or
+> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576).
> 2. Install the package on the Primary Domain Controller (PDC).
> 3. Navigate, depending on the version to the folder:
> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or
diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md
index dff91fd372..12af80dacf 100644
--- a/windows/client-management/mdm/federated-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md
@@ -167,6 +167,9 @@ AuthenticationServiceUrl?appru=&login_hint=
After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter.
+> [!NOTE]
+> To make an application compatible with strict Content Security Policy, it is usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed.
+
```
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
index 98f5020545..f1f4f5b05f 100644
--- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
+++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
@@ -81,43 +81,7 @@ For code samples, see [Microsoft Azure Active Directory Samples and Documentatio
## Configure your Azure AD application
-Here are the steps to configure your Azure AD app. For additional information, see [Integrating Applications with Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=623021):
-
-1. Log into Microsoft Azure Management Portal (https:manage.windowsazure.com)
-2. Go to the Active Directory module.
-3. Select your directory.
-4. Click the **Applications** tab.
-
- 
-
-5. Click **Add**.
-
- 
-
-6. Select **Add an application that my organization is developing**.
-
- 
-
-7. Specify a name and then select **WEB APPLICATION AND/OR WEB API**.
-
- 
-
-8. Specify the **SIGN-ON URL** to your application.
-
- 
-
-9. Specify whether your app is multi-tenant or single tenant. For more information, see [Integrating Applications with Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=623021).
-
- 
-
-10. Create a client key.
-
- 
-
- > **Note** In the prior version of the tool, an update to the app manifest was required to authorize the application. This is no longer necessary.
-
-11. Login to Store for Business and enable your application. For step-by-step guide, see [Configure an MDM provider](https://technet.microsoft.com/library/mt606939.aspx).
-
+See [Quickstart: Register an application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) for the steps to configure your Azure AD app.
## Azure AD Authentication for MTS
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 067c82000d..ca0dbef0a2 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 01/26/2019
+ms.date: 08/26/2019
ms.reviewer:
manager: dansimp
---
@@ -205,8 +205,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed. Turns off scanning on archived files.
+- 1 (default) – Allowed. Scans the archive files.
@@ -267,8 +267,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed. Turns off behavior monitoring.
+- 1 (default) – Allowed. Turns on real-time behavior monitoring.
@@ -330,8 +330,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed. Turns off the Microsoft Active Protection Service.
+- 1 (default) – Allowed. Turns on the Microsoft Active Protection Service.
@@ -392,8 +392,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Not allowed.
-- 1 – Allowed.
+- 0 (default) – Not allowed. Turns off email scanning.
+- 1 – Allowed. Turns on email scanning.
@@ -454,8 +454,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 (default) – Not allowed.
-- 1 – Allowed.
+- 0 (default) – Not allowed. Disables scanning on mapped network drives.
+- 1 – Allowed. Scans mapped network drives.
@@ -502,7 +502,7 @@ The following list shows the supported values:
> This policy is only enforced in Windows 10 for desktop.
-Allows or disallows a full scan of removable drives.
+Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.
@@ -516,8 +516,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed. Turns off scanning on removable drives.
+- 1 (default) – Allowed. Scans removable drives.
@@ -756,8 +756,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed. Turns off the real-time monitoring service.
+- 1 (default) – Allowed. Turns on and runs the real-time monitoring service.
@@ -818,8 +818,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed. Turns off scanning of network files.
+- 1 (default) – Allowed. Scans network files.
@@ -934,8 +934,8 @@ ADMX Info:
The following list shows the supported values:
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+- 0 – Not allowed. Prevents users from accessing UI.
+- 1 (default) – Allowed. Lets users access UI.
diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md
index fbb8abae88..dd82298d1b 100644
--- a/windows/client-management/mdm/vpnv2-profile-xsd.md
+++ b/windows/client-management/mdm/vpnv2-profile-xsd.md
@@ -23,7 +23,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
```xml
-
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
index 9790bdb770..da7f583966 100644
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@@ -108,7 +108,7 @@ MDM enrollment can also be initiated with a provisioning package. This option en
Employees can use only one account to initialize a device so it’s imperative that your organization controls which account is enabled first. The account chosen will determine who controls the device and influence your management capabilities.
->**Note:** Why must the user add an account to the device in OOBE? Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, etc. Both an [MSA](https://www.microsoft.com/en-us/account/) and an [Azure AD account](https://www.microsoft.com/en-us/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) give access to these services.
+>**Note:** Why must the user add an account to the device in OOBE? Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, etc. Both an [MSA](https://www.microsoft.com/account/) and an [Azure AD account](https://www.microsoft.com/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) give access to these services.
The following table describes the impact of identity choice on device management characteristics of the personal and corporate device scenarios.
@@ -186,7 +186,7 @@ For both personal and corporate deployment scenarios, an MDM system is the essen
Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid identity solution. Organizations that use Microsoft Office 365 or Intune are already using Azure AD, which has three editions: Free Basic, and Premium (see [Azure Active Directory editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state.
**Mobile Device Management**
-Microsoft [Intune](https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Office 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution.
+Microsoft [Intune](https://www.microsoft.com/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Office 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution.
You can also integrate Intune with Configuration Manager to gain a single console for managing all devices in the cloud and on premises, mobile or PC. For more information, see [Manage Mobile Devices with Configuration Manager and Microsoft Intune](https://technet.microsoft.com/library/jj884158.aspx). For guidance on choosing between a stand-alone Intune installation and Intune integrated with System Center Configuration Manager, see Choose between Intune by itself or integrating Intune with System Center Configuration Manager.
Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. MDM providers that support Windows 10 Mobile currently include: AirWatch, Citrix, MobileIron, SOTI, Blackberry and others. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](https://azure.microsoft.com/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index b3077aeaf7..cca8151178 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -53,7 +53,7 @@ Your organization must have an Azure AD tenant and your employees’ devices mus
## Cortana and privacy
We understand that there are some questions about Cortana and your organization’s privacy, including concerns about what info is collected by Cortana, where the info is saved, how to manage what data is collected, how to turn Cortana off, how to opt completely out of data collection, and what info is shared with other Microsoft apps and services. For more details about these concerns, see the [Cortana, Search, and privacy: FAQ](https://windows.microsoft.com/windows-10/cortana-privacy-faq) topic.
-Cortana is covered under the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and [Microsoft Services Agreement](https://www.microsoft.com/en-us/servicesagreement).
+Cortana is covered under the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
## See also
- [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index f731e345d8..7d96f06030 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -18,7 +18,7 @@ manager: dansimp
- Windows 10 Mobile, version 1703
>[!IMPORTANT]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/en-us/servicesagreement).
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
Cortana automatically finds patterns in your email, suggesting reminders based things that you said you would do so you don’t forget about them. For example, Cortana recognizes that if you include the text, _I’ll get this to you by the end of the week_ in an email, you're making a commitment to provide something by a specific date. Cortana can now suggest that you be reminded about this event, letting you decide whether to keep it or to cancel it.
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index c3491784d7..af5a26163b 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -21,15 +21,15 @@ ms.topic: article
- Windows 10 Pro, Enterprise, and Education
->[!WARNING]
->For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with least privilege, such as a local standard user account.
+> [!WARNING]
+> For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account.
>
->Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
+> Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that might allow an attacker subverting the assigned access application to gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
->[!IMPORTANT]
->[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
+> [!IMPORTANT]
+> [User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
>
->Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+> Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
## Configuration recommendations
@@ -60,19 +60,19 @@ Logs can help you [troubleshoot issues](multi-app-kiosk-troubleshoot.md) kiosk i
In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in.
->[!NOTE]
->If you are using a Windows 10 and later device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
+> [!NOTE]
+> If you are using a Windows 10 and later device restriction CSP to set "Preferred Azure AD tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
->[!TIP]
->If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML.
+> [!TIP]
+> If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML.
**How to edit the registry to have an account sign in automatically**
1. Open Registry Editor (regedit.exe).
- >[!NOTE]
- >If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).
+ > [!NOTE]
+ > If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).
2. Go to
@@ -94,8 +94,8 @@ In addition to the settings in the table, you may want to set up **automatic log
4. Close Registry Editor. The next time the computer restarts, the account will sign in automatically.
->[!TIP]
->You can also configure automatic sign-in [using the Autologon tool from Sysinternals](https://docs.microsoft.com/sysinternals/downloads/autologon).
+> [!TIP]
+> You can also configure automatic sign-in [using the Autologon tool from Sysinternals](https://docs.microsoft.com/sysinternals/downloads/autologon).
## Interactions and interoperability
@@ -245,13 +245,13 @@ The following table describes some features that have interoperability issues we
+
-
## Testing your kiosk in a virtual machine (VM)
Customers sometimes use virtual machines (VMs) to test configurations before deploying those configurations to physical devices. If you use a VM to test your single-app kiosk configuration, you need to know how to connect to the VM properly.
-A single-app kiosk configuration runs an app above the lockscreen. It doesn't work when it's accessed remotely, which includes *enhanced* sessions in Hyper-V.
+A single-app kiosk configuration runs an app above the lock screen. It doesn't work when it's accessed remotely, which includes *enhanced* sessions in Hyper-V.
When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** is not selected in the **View** menu; that means it's a basic session.
@@ -259,4 +259,4 @@ When you connect to a VM configured as a single-app kiosk, you need a *basic* se
To connect to a VM in a basic session, do not select **Connect** in the connection dialog, as shown in the following image, but instead, select the **X** button in the upper-right corner to cancel the dialog.
-
+
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index fec62e33fd..92c0f753d1 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -51,6 +51,7 @@ Method | Description
+
## Set up a kiosk in local Settings
>App type: UWP
@@ -122,6 +123,7 @@ To remove assigned access, choose **Turn off assigned access and sign out of the
+
## Set up a kiosk using Windows PowerShell
@@ -182,6 +184,7 @@ Clear-AssignedAccess
+
## Set up a kiosk using the kiosk wizard in Windows Configuration Designer
>App type: UWP or Windows desktop application
@@ -234,6 +237,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
+
## Set up a kiosk or digital sign using Microsoft Intune or other MDM service
>App type: UWP
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 2b237f1092..b88f801492 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -591,6 +591,7 @@ To create a multi-app kiosk that can run mixed reality apps, you must include th
diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index b4cdaad1f4..04b239b53b 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -278,4 +278,4 @@ For more information about checking for updates, and how to optionally turn on a ## Get more info * Learn more at microsoft.com/education * Find out if your school is eligible for a device trial at aka.ms/EDUTrialInABox -* Buy Windows 10 devices +* Buy Windows 10 devices diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index da30be64ef..af1534d6a3 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -37,7 +37,7 @@ Before you change to Windows 10 Pro Education, make sure you meet these requirem - The user making the changes must be a member of the Azure AD global administrator group. ## Compare Windows 10 Pro and Pro Education editions -You can [compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) to find out more about the features we support in other editions of Windows 10. +You can [compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare) to find out more about the features we support in other editions of Windows 10. For more info about Windows 10 default settings and recommendations for education customers, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). @@ -314,6 +314,6 @@ For more information about integrating on-premises AD DS domains with Azure AD, [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) -[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) +[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare) [Windows 10 subscription activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation) diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index bb621c32d8..027127211f 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -26,7 +26,7 @@ This guide shows you how to deploy the Windows 10 operating system in a school d Proper preparation is essential for a successful district deployment. To avoid common mistakes, your first step is to plan a typical district configuration. Just as with building a house, you need a blueprint for what your district and individual schools should look like when it’s finished. The second step in preparation is to learn how you will manage the users, apps, and devices in your district. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your district. ->**Note** This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/en-us/cloud-platform/mobile-device-management). +>**Note** This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/cloud-platform/mobile-device-management). ### Plan a typical district configuration @@ -115,7 +115,7 @@ The configuration process requires the following devices: * **Admin device.** This is the device you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the System Center Configuration Manager Console on this device. * **Reference devices.** These are the devices that you will use as a template for the faculty and student devices. You install Windows 10 and Windows desktop apps on these devices, and then capture an image (.wim file) of the devices. - You will have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/en-us/windows/view-all). + You will have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/windows/view-all). * **Faculty and staff devices.** These are the devices that the teachers, faculty, and staff use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices. * **Student devices.** The students will use these devices. You will use the admin device deploy (or upgrade) Windows 10 and apps to them. @@ -550,7 +550,7 @@ In this section, you installed the Windows ADK and MDT on the admin device. You Office 365 is one of the core components of your classroom environment. You create and manage student identities in Office 365, and students and teachers use the suite as their email, contacts, and calendar system. They also use Office 365 collaboration features such as SharePoint, OneNote, and OneDrive for Business. -As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/en-us/education/products/office-365-deployment-resources/default.aspx). +As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/education/products/office-365-deployment-resources/default.aspx). ### Select the appropriate Office 365 Education license plan @@ -991,7 +991,7 @@ Depending on your school’s requirements, you may need any combination of the f >**Note** Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business—features not available in Windows 10 Home. For more information about how to upgrade Windows 10 Home to Windows 10 Pro or Windows 10 Education, see [Windows 10 edition upgrade](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades). -For more information about the Windows 10 editions, see [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +For more information about the Windows 10 editions, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). One other consideration is the mix of processor architectures you will support. If you can, support only 64-bit versions of Windows 10. If you have devices that can run only 32-bit versions of Windows 10, you will need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above. diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index f1696a220d..ed3de28f37 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -164,7 +164,7 @@ In this section, you installed the Windows ADK and MDT on the admin device. You Office 365 is one of the core components of your classroom environment. You create and manage student identities in Office 365, and students and teachers use the suite as their email, contacts, and calendar system. Teachers and students use Office 365 collaboration features such as SharePoint, OneNote, and OneDrive for Business. -As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/en-us/education/products/office-365-deployment-resources/default.aspx). +As a first step in deploying your classroom, create an Office 365 Education subscription, and then configure Office 365 for the classroom. For more information about Office 365 Education deployment, see [School deployment of Office 365 Education](https://www.microsoft.com/education/products/office-365-deployment-resources/default.aspx). ### Select the appropriate Office 365 Education license plan diff --git a/education/windows/index.md b/education/windows/index.md index 0f1dedb139..80684834ef 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -19,8 +19,8 @@ ms.date: 10/13/2017 ##  Learn
Windows 10 editions for education customers
Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
Compare each Windows edition
Find out more about the features and functionality we support in each edition of Windows.
Get Windows 10 Education or Windows 10 Pro Education
When you've made your decision, find out how to buy Windows for your school.
Compare each Windows edition
Find out more about the features and functionality we support in each edition of Windows.
Get Windows 10 Education or Windows 10 Pro Education
When you've made your decision, find out how to buy Windows for your school.
[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
-[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) +[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare) diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index 8f8f6c6aa2..1ec8ad81a4 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -51,7 +51,7 @@ Due to these reasons, we recommend that you use the installation tool and avoid Before you install Windows 10 in S mode on your existing Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise device: * Make sure that you updated your existing device to Windows 10, version 1703 (Creators Update). - See [Download Windows 10](https://www.microsoft.com/en-us/software-download/windows10) and follow the instructions to update your device to Windows 10, version 1703. You can verify your current version in **Settings > System > About**. + See [Download Windows 10](https://www.microsoft.com/software-download/windows10) and follow the instructions to update your device to Windows 10, version 1703. You can verify your current version in **Settings > System > About**. * Install the latest Windows Update. @@ -184,7 +184,7 @@ If you see this message, follow these steps to stop receiving the message: To use an installation media to reinstall Windows 10, follow these steps. -1. On a working PC, go to the [Microsoft software download website](https://www.microsoft.com/en-us/software-download/windows10). +1. On a working PC, go to the [Microsoft software download website](https://www.microsoft.com/software-download/windows10). 2. Download the Media Creation Tool and then run it. 3. Select **Create installation media for another PC**. 4. Choose a language, edition, and architecture (64-bit or 32-bit). diff --git a/mdop/agpm/whats-new-in-agpm-40-sp3.md b/mdop/agpm/whats-new-in-agpm-40-sp3.md index 4e65034c54..dbe0512e16 100644 --- a/mdop/agpm/whats-new-in-agpm-40-sp3.md +++ b/mdop/agpm/whats-new-in-agpm-40-sp3.md @@ -30,7 +30,7 @@ AGPM 4.0 SP3 adds support for the Windows 10 and Windows Server 2016 operating ### Support for PowerShell -AGPM 4.0 SP3 adds support for PowerShell cmdlets. For a list of the cmdlets available in AGPM 4.0 SP3, including descriptions and syntax, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx). +AGPM 4.0 SP3 adds support for PowerShell cmdlets. For a list of the cmdlets available in AGPM 4.0 SP3, including descriptions and syntax, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://docs.microsoft.com/powershell/mdop/get-started?view=win-mdop2-ps). ### Customer feedback and hotfix rollup diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index 3013d8a294..08d550209b 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -19,7 +19,7 @@ author: shortpatti This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 ### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 -[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=58345) +[Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=58345) #### Steps to update the MBAM Server for existing MBAM environment 1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features). diff --git a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md index 185ace5f1b..166bfb30c5 100644 --- a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md +++ b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md @@ -26,7 +26,7 @@ MDOP Group Policy templates are available for download in a self-extracting, com **How to download and deploy the MDOP Group Policy templates** -1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531). +1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/download/details.aspx?id=55531). 2. Run the downloaded file to extract the template folders. diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 970711d8a8..22f5eca17c 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -352,7 +352,7 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** colla
Microsoft SQL Server 2016
Standard, Enterprise, or Datacenter
SP1
64-bit
64-bit
Microsoft SQL Server 2014
Standard, Enterprise, or Datacenter
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| +| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| | App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.
To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | | App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). | For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md). -If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx). +If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/learning/default.aspx). ## Getting started with App-V diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 40047a8bd9..155f59650e 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -31,7 +31,7 @@ You should read and understand the following information before reading this doc - [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) -- [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760) +- [App-V Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760) **Note** Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index 99a25f7fda..214bb3c9bd 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -30,7 +30,7 @@ The following list displays the end–to-end high-level workflow for reporting i To confirm SQL Server Reporting Services is running, enter
| Cmdlet | Use this cmdlet to | Syntax | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Add-ProvisioningPackage | Apply a provisioning package | Add-ProvisioningPackage [-Path] <string> [-ForceInstall] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Add-ProvisioningPackage | Apply a provisioning package | Add-ProvisioningPackage [-Path] <string> [-ForceInstall] [-LogsFolder <string>] [-QuietInstall] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Remove-ProvisioningPackage | Remove a provisioning package | Remove-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Remove-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Get-ProvisioningPackage | Get information about an installed provisioning package | Get-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Get-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Export-ProvisioningPackage | Extract the contents of a provisioning package | Export-ProvisioningPackage -PackageId <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Export-ProvisioningPackage -Path <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] |
| Topic | -Description | -
|---|---|
| - | This section provides information about using the Compatibility Administrator tool. |
-
Managing Application-Compatibility Fixes and Custom Fix Databases |
-This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. |
-
| - | You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations. |
-
| Topic | +Description | +
|---|---|
| + | This section provides information about using the Compatibility Administrator tool. |
+
Managing Application-Compatibility Fixes and Custom Fix Databases |
+This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. |
+
| + | You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations. |
+
| Fix | -Fix Description | -
|---|---|
8And16BitAggregateBlts |
-Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance. |
-
8And16BitDXMaxWinMode |
-Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode. |
-
8And16BitGDIRedraw |
-This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette. |
-
AccelGdipFlush |
-This fix increases the speed of GdipFlush, which has perf issues in DWM. |
-
AoaMp4Converter |
-This fix resolves a display issue for the AoA Mp4 Converter. |
-
BIOSRead |
-This problem is indicated when an application cannot access the Device\PhysicalMemory object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems. -The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the \Device\Physical memory information.. |
-
BlockRunasInteractiveUser |
-This problem occurs when InstallShield creates installers and uninstallers that fail to complete and that generate error messages or warnings. -The fix blocks InstallShield from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights. -
-Note
-For more detailed information about this application fix, see Using the BlockRunAsInteractiveUser Fix. -
-
- |
-
ChangeFolderPathToXPStyle |
-This fix is required when an application cannot return shell folder paths when it uses the SHGetFolder API. -The fix intercepts the SHGetFolder path request to the common appdata file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path. |
-
ClearLastErrorStatusonIntializeCriticalSection |
-This fix is indicated when an application fails to start. -The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS. |
-
CopyHKCUSettingsFromOtherUsers |
-This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users. -The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area. -You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example:
-Note
-For more detailed information about this application fix, see Using the CopyHKCUSettingsFromOtherUsers Fix. -
-
- |
-
CorrectCreateBrushIndirectHatch |
-The problem is indicated by an access violation error message that displays and when the application fails when you select or crop an image. -The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted. |
-
CorrectFilePaths |
-The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message. -The fix modifies the file path names to point to a new location on the hard disk. -
-Note
-For more detailed information about the CorrectFilePaths application fix, see Using the CorrectFilePaths Fix. We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file. -
-
- |
-
CorrectFilePathsUninstall |
-This problem occurs when an uninstalled application leaves behind files, directories, and links. -The fix corrects the file paths that are used by the uninstallation process of an application. -
-Note
-For more detailed information about this fix, see Using the CorrectFilePathsUninstall Fix. We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file. -
-
- |
-
CorrectShellExecuteHWND |
-This problem occurs when you start an executable (.exe) and a taskbar item blinks instead of an elevation prompt being opened, or when the application does not provide a valid HWND value when it calls the ShellExecute(Ex) function. -The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. -
-Note
-For more detailed information about the CorrectShellExecuteHWND application fix, see Using the CorrectShellExecuteHWND Fix. -
-
- |
-
CustomNCRender |
-This fix instructs DWM to not render the non-client area, thereby forcing the application to do its own NC rendering. This often gives windows an XP look. |
-
DelayApplyFlag |
-This fix applies a KERNEL, USER, or PROCESS flag if the specified DLL is loaded. -You can control this fix further by typing the following command at the command prompt: -DLL_Name;Flag_Type;Hexidecimal_Value -Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64-bits long. -
-Note
-The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash (). -
-
- |
-
DeprecatedServiceShim |
-The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays. -The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. -You can control this fix further by typing the following command at the command prompt: -Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2 -Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI. -
-Note
-If you do not provide an App_Service name, the deprecated service will be removed from all newly created services. -
-
-
-
-Note
-You can separate multiple entries with a forward slash (/). -
-
- |
-
DirectXVersionLie |
-This problem occurs when an application fails because it does not find the correct version number for DirectX®. -The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. -You can control this fix further by typing the following command at the command prompt: -MAJORVERSION.MINORVERSION.LETTER -For example, |
-
DetectorDWM8And16Bit |
-This fix offeres mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 . |
-
Disable8And16BitD3D |
-This fix improves performance of 8/16-bit color applications that render using D3D and do not mix directdraw. |
-
Disable8And16BitModes |
-This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes. |
-
DisableDWM |
-The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application. -The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. -
-Note
-For more detailed information about this application fix, see Using the DisableDWM Fix. -
-
- |
-
DisableFadeAnimations |
-The problem is indicated when an application fade animations, buttons, or other controls do not function properly. -The fix disables the fade animations functionality for unsupported applications. |
-
DisableThemeMenus |
-The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings. -The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. |
-
DisableWindowsDefender |
-The fix disables Windows Defender for security applications that do not work with Windows Defender. |
-
DWM8And16BitMitigation |
-The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8. |
-
DXGICompat |
-The fix allows application-specific compatibility instructions to be passed to the DirectX engine. |
-
DXMaximizedWindowedMode |
-Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D. |
-
ElevateCreateProcess |
-The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message. -The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged. -
-Note
-For more detailed information about this application fix, see Using the ElevateCreateProcess Fix. -
-
- |
-
EmulateOldPathIsUNC |
-The problem occurs when an application fails because of an incorrect UNC path. -The fix changes the PathIsUNC function to return a value of True for UNC paths in Windows. |
-
EmulateGetDiskFreeSpace |
-The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements. -The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount. -
-Note
-For more detailed information about this application fix, see Using the EmulateGetDiskFreeSpace Fix. -
-
- |
-
EmulateSorting |
-The problem occurs when an application experiences search functionality issues. -The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table. -
-Note
-For more detailed information about this e application fix, see Using the EmulateSorting Fix. -
-
- |
-
EmulateSortingWindows61 |
-The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs. |
-
EnableRestarts |
-The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes. -The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. -
-Note
-For more detailed information about this application fix, see Using the EnableRestarts Fix. -
-
- |
-
ExtraAddRefDesktopFolder |
-The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed. -The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function. |
-
FailObsoleteShellAPIs |
-The problem occurs when an application fails because it generated deprecated API calls. -The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail. -
-Note
-You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail. -
-
- |
-
FailRemoveDirectory |
-The problem occurs when an application uninstallation process does not remove all of the application files and folders. -This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command-line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported. -The fix can resolve an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it. |
-
FakeLunaTheme |
-The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed. -The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna). -
-Note
-For more detailed information about the FakeLunaTheme application fix, see Using the FakeLunaTheme Fix. -
-
- |
-
FlushFile |
-This problem is indicated when a file is updated and changes do not immediately appear on the hard disk. Applications cannot see the file changes. -The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk. |
-
FontMigration |
-The fix replaces an application-requested font with a better font selection, to avoid text truncation. |
-
ForceAdminAccess |
-The problem occurs when an application fails to function during an explicit administrator check. -The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check. -
-Note
-For more detailed information about this application fix, see Using the ForceAdminAccess Fix. -
-
- |
-
ForceInvalidateOnClose |
-The fix invalidates any windows that exist under a closing or hiding window for applications that rely on the invalidation messages. |
-
ForceLoadMirrorDrvMitigation |
-The fix loads the Windows 8 mirror driver mitigation for applications where the mitigation is not automatically applied. |
-
FreestyleBMX |
-The fix resolves an application race condition that is related to window message order. |
-
GetDriveTypeWHook |
-The application presents unusual behavior during installation; for example, the setup program states that it cannot install to a user-specified location. -The fix changes GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly-formed file path when it tries to retrieve the drive type on which the file path exists. |
-
GlobalMemoryStatusLie |
-The problem is indicated by a Computer memory full error message that displays when you start an application. -The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size. |
-
HandleBadPtr |
-The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter. -The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the additional parameter validation. |
-
HandleMarkedContentNotIndexed |
-The problem is indicated by an application that fails when it changes an attribute on a file or directory. -The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state. |
-
HeapClearAllocation |
-The problem is indicated when the allocation process shuts down unexpectedly. -The fix uses zeros to clear out the heap allocation for an application. |
-
IgnoreAltTab |
-The problem occurs when an application fails to function when special key combinations are used. -The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks. -
-Note
-For more detailed information about this application fix, see Using the IgnoreAltTab Fix. -
-
- |
-
IgnoreChromeSandbox |
-The fix allows Google Chrome to run on systems that have ntdll loaded above 4GB. |
-
IgnoreDirectoryJunction |
-The problem is indicated by a read or access violation error message that displays when an application tries to find or open files. -The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW and FindFirstFileA APIs to prevent them from returning directory junctions. -
-Note
-Symbolic links appear starting in Windows Vista. -
-
- |
-
IgnoreException |
-The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen. -The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. -You can control this fix further by typing the following command at the command prompt: -Exception1;Exception2 -Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1. -
-Important
-You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience additional compatibility issues if you choose to incorrectly ignore an exception. -
-
-
-
-Note
-For more detailed information about this application fix, see Using the IgnoreException Fix. -
-
- |
-
IgnoreFloatingPointRoundingControl |
-This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application. -Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior. |
-
IgnoreFontQuality |
-The problem occurs when application text appears to be distorted. -The fix enables color-keyed fonts to properly work with anti-aliasing. |
-
IgnoreMessageBox |
-The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. -The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. -
-Note
-For more detailed information about this application fix, see Using the IgnoreMessageBox Fix. -
-
- |
-
IgnoreMSOXMLMF |
-The problem is indicated by an error message that states that the operating system cannot locate the MSVCR80D.DLL file. -The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system any time that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID. |
-
IgnoreSetROP2 |
-The fix ignores read-modify-write operations on the desktop to avoid performance issues. |
-
InstallComponent |
-The fix prompts the user to install.Net 3.5 or .Net 2.0 because .Net is not included with Windows 8. |
-
LoadLibraryRedirect |
-The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application. |
-
LocalMappedObject |
-The problem occurs when an application unsuccessfully tries to create an object in the Global namespace. -The fix intercepts the function call to create the object and replaces the word Global with Local. -
-Note
-For more detailed information about this application fix, see Using the LocalMappedObject Fix. -
-
- |
-
MakeShortcutRunas |
-The problem is indicated when an application fails to uninstall because of access-related errors. -The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later. -
-Note
-For more detailed information about this application fix, see Using the MakeShortcutRunas Fix -
-
- |
-
ManageLinks |
-The fix intercepts common APIs that are going to a directory or to an executable (.exe) file, and then converts any symbolic or directory junctions before passing it back to the original APIs. |
-
MirrorDriverWithComposition |
-The fix allows mirror drivers to work properly with acceptable performance with desktop composition. |
-
MoveToCopyFileShim |
-The problem occurs when an application experiences security access issues during setup. -The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue. |
-
OpenDirectoryAcl |
-The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application. -The fix reduces the security privilege levels on a specified set of files and folders. -
-Note
-For more detailed information about this application fix, see Using the OpenDirectoryACL Fix. -
-
- |
-
PopCapGamesForceResPerf |
-The fix resolves the performance issues in PopCap games like Bejeweled2. The performance issues are visible in certain low-end cards at certain resolutions where the 1024x768 buffer is scaled to fit the display resolution. |
-
PreInstallDriver |
-The fix preinstalls drivers for applications that would otherwise try to install or start drivers during the initial start process. |
-
PreInstallSmarteSECURE |
-The fix preinstalls computer-wide CLSIDs for applications that use SmartSECURE copy protection, which would otherwise try to install the CLSIDs during the initial start process. |
-
ProcessPerfData |
-The problem is indicated by an Unhandled Exception error message because the application tried to read the process performance data registry value to determine if another instance of the application is running. -The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running. -
-Note
-This issue seems to occur most frequently with .NET applications. -
-
- |
-
PromoteDAM |
-The fix registers an application for power state change notifications. |
-
PropagateProcessHistory |
-The problem occurs when an application incorrectly fails to apply an application fix. -The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes. |
-
ProtectedAdminCheck |
-The problem occurs when an application fails to run because of incorrect Protected Administrator permissions. -The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only. |
-
RedirectCRTTempFile |
-The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory. |
-
RedirectHKCUKeys |
-The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions. -The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime. |
-
RedirectMP3Codec |
-This problem occurs when you cannot play MP3 files. -The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version. |
-
RedirectShortcut |
-The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process. -The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. -
This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts. -You cannot apply this fix to an .exe file that includes a manifest and provides a runlevel. |
-
RelaunchElevated |
-The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application. -The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. -
-Note
-For more detailed information about this application fix, see Using the RelaunchElevated Fix. -
-
- |
-
RetryOpenSCManagerWithReadAccess |
-The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message. -The fix retries the call and requests a more restricted set of rights that include the following: -
|
-
RetryOpenServiceWithReadAccess |
-The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays. -The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work -
-Note
-For more detailed information about this application fix, see Using the RetryOpenServiceWithReadAccess Fix. -
-
- |
-
RunAsAdmin |
-The problem occurs when an application fails to function by using the Standard User or Protected Administrator account. -The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest. -
-Note
-For more detailed information about this application fix, see Using the RunAsAdmin Fix. -
-
- |
-
RunAsHighest |
-The problem occurs when administrators cannot view the read/write version of an application that presents a read-only view to standard users. -The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest. -
-Note
-For more detailed information about this application fix, see Using the RunAsHighest Fix. -
-
- |
-
RunAsInvoker |
-The problem occurs when an application is not detected as requiring elevation. -The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest. -
-Note
-For more detailed information about this application fix, see Using the RunAsInvoker Fix. -
-
- |
-
SecuROM7 |
-The fix repairs applications by using SecuROM7 for copy protection. |
-
SessionShim |
-The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter. -At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. -
-Important
-Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. -
-
-
-
-Note
-For more detailed information about this application fix, see Using the SessionShim Fix. -
-
- |
-
SetProtocolHandler |
-The fix registers an application as a protocol handler. -You can control this fix further by typing the following command at the command prompt: -Client;Protocol;App -Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application. -
-Note
-Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash (). -
-
- |
-
SetupCommitFileQueueIgnoreWow |
-The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers. -The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup. |
-
SharePointDesigner2007 |
-The fix resolves an application bug that severely slows the application when it runs in DWM. |
-
ShimViaEAT |
-The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. -The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. -
-Note
-For more information about this application fix, see Using the ShimViaEAT Fix. -
-
- |
-
ShowWindowIE |
-The problem occurs when a web application experiences navigation and display issues because of the tabbing feature. -The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window. |
-
SierraWirelessHideCDROM |
-The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck. |
-
Sonique2 |
-The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value. |
-
SpecificInstaller |
-The problem occurs when an application installation file fails to be picked up by the GenericInstaller function. -The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation. -
-Note
-For more detailed information about this application fix, see Using the SpecificInstaller Fix. -
-
- |
-
SpecificNonInstaller |
-The problem occurs when an application that is not an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function. -The fix flags the application to exclude it from detection by the GenericInstaller function. -
-Note
-For more detailed information about this application fix, see Using the SpecificNonInstaller Fix. -
-
- |
-
SystemMetricsLie |
-The fix replaces SystemMetrics values and SystemParametersInfo values with the values of previous Windows versions. |
-
TextArt |
-The application receives different mouse coordinates with DWM ON versus DWM OFF, which causes the application to hang. This fix resolves the issue. |
-
TrimDisplayDeviceNames |
-The fix trims the names of the display devices that are returned by the EnumDisplayDevices API. |
-
UIPICompatLogging |
-The fix enables the logging of Windows messages from Internet Explorer and other processes. |
-
UIPIEnableCustomMsgs |
-The problem occurs when an application does not properly communicate with other processes because customized Windows messages are not delivered. -The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. -You can control this fix further by typing the following command at the command prompt: -MessageString1 MessageString2 -Where MessageString1 and MessageString2 reflect the message strings that can pass. -
-Note
-Multiple message strings must be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableCustomMsgs Fix. -
-
- |
-
UIPIEnableStandardMsgs |
-The problem occurs when an application does not communicate properly with other processes because standard Windows messages are not delivered. -The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. -You can control this fix further by typing the following command at the command prompt: -1055 1056 1069 -Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. -
-Note
-Multiple messages can be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableStandardMsgs Fix [act]. -
-
- |
-
VirtualizeDeleteFileLayer |
-The fix virtualizes DeleteFile operations for applications that try to delete protected files. |
-
VirtualizeDesktopPainting |
-This fix improves the performance of a number of operations on the Desktop DC while using DWM. |
-
VirtualRegistry |
-The problem is indicated when a Component failed to be located error message displays when an application is started. -The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. -For more detailed information about this application fix, see Using the VirtualRegistry Fix. |
-
VirtualizeDeleteFile |
-The problem occurs when several error messages display and the application cannot delete files. -The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. -
-Note
-For more detailed information about this application fix, see Using the VirtualizeDeleteFile Fix. -
-
- |
-
VirtualizeHKCRLite |
-The problem occurs when an application fails to register COM components at runtime. -The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. -HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated. -You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix. -For more detailed information about this application fix, see Using the VirtualizeHKCRLite Fix. |
-
VirtualizeRegisterTypeLib |
-The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used. -
-Note
-For more detailed information about this application fix, see Using the VirtualizeRegisterTypelib Fix. -
-
- |
-
WaveOutIgnoreBadFormat |
-This problem is indicated by an error message that states: Unable to initialize sound device from your audio driver; the application then closes. -The fix enables the application to ignore the format error and continue to function properly. |
-
WerDisableReportException |
-The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message. |
-
Win7RTM/Win8RTM |
-The layer provides the application with Windows 7/Windows 8 compatibility mode. |
-
WinxxRTMVersionLie |
-The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system. -All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer. |
-
Wing32SystoSys32 |
-The problem is indicated by an error message that states that the WinG library was not properly installed. -The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. -
-Important
-The application must have Administrator privileges for this fix to work. -
-
- |
-
WinSrv08R2RTM |
-- |
WinXPSP2VersionLie |
-The problem occurs when an application experiences issues because of a VB runtime DLL. -The fix forces the application to follow these steps: -
|
-
WRPDllRegister |
-The application fails when it tries to register a COM component that is released together with Windows Vista and later. -The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. -You can control this fix further by typing the following command at the command prompt: -Component1.dll;Component2.dll -Where Component1.dll and Component2.dll reflect the components to be skipped. -
-Note
-For more detailed information about this application fix, see Using the WRPDllRegister Fix. -
-
- |
-
WRPMitigation |
-The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access. -The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue. -
-Note
-For more detailed information about WRPMitigation, see Using the WRPMitigation Fix. -
-
- |
-
WRPRegDeleteKey |
-The problem is indicated by an access denied error message that displays when the application tries to delete a registry key. -The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process. |
-
XPAfxIsValidAddress |
-The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress. |
-
| Compatibility Mode Name | -Description | -Included Compatibility Fixes | -
|---|---|---|
WinSrv03 |
-Emulates the Windows Server 2003 operating system. |
-
|
-
WinSrv03Sp1 |
-Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system. |
-
|
-
| Fix | +Fix Description | +
|---|---|
8And16BitAggregateBlts |
+Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance. |
+
8And16BitDXMaxWinMode |
+Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode. |
+
8And16BitGDIRedraw |
+This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette. |
+
AccelGdipFlush |
+This fix increases the speed of GdipFlush, which has perf issues in DWM. |
+
AoaMp4Converter |
+This fix resolves a display issue for the AoA Mp4 Converter. |
+
BIOSRead |
+This problem is indicated when an application cannot access the Device\PhysicalMemory object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems. +The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the \Device\Physical memory information.. |
+
BlockRunasInteractiveUser |
+This problem occurs when InstallShield creates installers and uninstallers that fail to complete and that generate error messages or warnings. +The fix blocks InstallShield from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights. +
+Note
+For more detailed information about this application fix, see Using the BlockRunAsInteractiveUser Fix. +
+
+ |
+
ChangeFolderPathToXPStyle |
+This fix is required when an application cannot return shell folder paths when it uses the SHGetFolder API. +The fix intercepts the SHGetFolder path request to the common appdata file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path. |
+
ClearLastErrorStatusonIntializeCriticalSection |
+This fix is indicated when an application fails to start. +The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS. |
+
CopyHKCUSettingsFromOtherUsers |
+This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users. +The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area. +You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example:
+Note
+For more detailed information about this application fix, see Using the CopyHKCUSettingsFromOtherUsers Fix. +
+
+ |
+
CorrectCreateBrushIndirectHatch |
+The problem is indicated by an access violation error message that displays and when the application fails when you select or crop an image. +The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted. |
+
CorrectFilePaths |
+The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message. +The fix modifies the file path names to point to a new location on the hard disk. +
+Note
+For more detailed information about the CorrectFilePaths application fix, see Using the CorrectFilePaths Fix. We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file. +
+
+ |
+
CorrectFilePathsUninstall |
+This problem occurs when an uninstalled application leaves behind files, directories, and links. +The fix corrects the file paths that are used by the uninstallation process of an application. +
+Note
+For more detailed information about this fix, see Using the CorrectFilePathsUninstall Fix. We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file. +
+
+ |
+
CorrectShellExecuteHWND |
+This problem occurs when you start an executable (.exe) and a taskbar item blinks instead of an elevation prompt being opened, or when the application does not provide a valid HWND value when it calls the ShellExecute(Ex) function. +The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. +
+Note
+For more detailed information about the CorrectShellExecuteHWND application fix, see Using the CorrectShellExecuteHWND Fix. +
+
+ |
+
CustomNCRender |
+This fix instructs DWM to not render the non-client area, thereby forcing the application to do its own NC rendering. This often gives windows an XP look. |
+
DelayApplyFlag |
+This fix applies a KERNEL, USER, or PROCESS flag if the specified DLL is loaded. +You can control this fix further by typing the following command at the command prompt: +DLL_Name;Flag_Type;Hexidecimal_Value +Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64-bits long. +
+Note
+The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash (). +
+
+ |
+
DeprecatedServiceShim |
+The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays. +The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. +You can control this fix further by typing the following command at the command prompt: +Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2 +Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI. +
+Note
+If you do not provide an App_Service name, the deprecated service will be removed from all newly created services. +
+
+
+
+Note
+You can separate multiple entries with a forward slash (/). +
+
+ |
+
DirectXVersionLie |
+This problem occurs when an application fails because it does not find the correct version number for DirectX®. +The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. +You can control this fix further by typing the following command at the command prompt: +MAJORVERSION.MINORVERSION.LETTER +For example, |
+
DetectorDWM8And16Bit |
+This fix offeres mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 . |
+
Disable8And16BitD3D |
+This fix improves performance of 8/16-bit color applications that render using D3D and do not mix directdraw. |
+
Disable8And16BitModes |
+This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes. |
+
DisableDWM |
+The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application. +The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. +
+Note
+For more detailed information about this application fix, see Using the DisableDWM Fix. +
+
+ |
+
DisableFadeAnimations |
+The problem is indicated when an application fade animations, buttons, or other controls do not function properly. +The fix disables the fade animations functionality for unsupported applications. |
+
DisableThemeMenus |
+The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings. +The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. |
+
DisableWindowsDefender |
+The fix disables Windows Defender for security applications that do not work with Windows Defender. |
+
DWM8And16BitMitigation |
+The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8. |
+
DXGICompat |
+The fix allows application-specific compatibility instructions to be passed to the DirectX engine. |
+
DXMaximizedWindowedMode |
+Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D. |
+
ElevateCreateProcess |
+The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message. +The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged. +
+Note
+For more detailed information about this application fix, see Using the ElevateCreateProcess Fix. +
+
+ |
+
EmulateOldPathIsUNC |
+The problem occurs when an application fails because of an incorrect UNC path. +The fix changes the PathIsUNC function to return a value of True for UNC paths in Windows. |
+
EmulateGetDiskFreeSpace |
+The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements. +The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount. +
+Note
+For more detailed information about this application fix, see Using the EmulateGetDiskFreeSpace Fix. +
+
+ |
+
EmulateSorting |
+The problem occurs when an application experiences search functionality issues. +The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table. +
+Note
+For more detailed information about this e application fix, see Using the EmulateSorting Fix. +
+
+ |
+
EmulateSortingWindows61 |
+The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs. |
+
EnableRestarts |
+The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes. +The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. +
+Note
+For more detailed information about this application fix, see Using the EnableRestarts Fix. +
+
+ |
+
ExtraAddRefDesktopFolder |
+The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed. +The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function. |
+
FailObsoleteShellAPIs |
+The problem occurs when an application fails because it generated deprecated API calls. +The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail. +
+Note
+You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail. +
+
+ |
+
FailRemoveDirectory |
+The problem occurs when an application uninstallation process does not remove all of the application files and folders. +This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command-line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported. +The fix can resolve an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it. |
+
FakeLunaTheme |
+The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed. +The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna). +
+Note
+For more detailed information about the FakeLunaTheme application fix, see Using the FakeLunaTheme Fix. +
+
+ |
+
FlushFile |
+This problem is indicated when a file is updated and changes do not immediately appear on the hard disk. Applications cannot see the file changes. +The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk. |
+
FontMigration |
+The fix replaces an application-requested font with a better font selection, to avoid text truncation. |
+
ForceAdminAccess |
+The problem occurs when an application fails to function during an explicit administrator check. +The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check. +
+Note
+For more detailed information about this application fix, see Using the ForceAdminAccess Fix. +
+
+ |
+
ForceInvalidateOnClose |
+The fix invalidates any windows that exist under a closing or hiding window for applications that rely on the invalidation messages. |
+
ForceLoadMirrorDrvMitigation |
+The fix loads the Windows 8 mirror driver mitigation for applications where the mitigation is not automatically applied. |
+
FreestyleBMX |
+The fix resolves an application race condition that is related to window message order. |
+
GetDriveTypeWHook |
+The application presents unusual behavior during installation; for example, the setup program states that it cannot install to a user-specified location. +The fix changes GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly-formed file path when it tries to retrieve the drive type on which the file path exists. |
+
GlobalMemoryStatusLie |
+The problem is indicated by a Computer memory full error message that displays when you start an application. +The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size. |
+
HandleBadPtr |
+The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter. +The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the additional parameter validation. |
+
HandleMarkedContentNotIndexed |
+The problem is indicated by an application that fails when it changes an attribute on a file or directory. +The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state. |
+
HeapClearAllocation |
+The problem is indicated when the allocation process shuts down unexpectedly. +The fix uses zeros to clear out the heap allocation for an application. |
+
IgnoreAltTab |
+The problem occurs when an application fails to function when special key combinations are used. +The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks. +
+Note
+For more detailed information about this application fix, see Using the IgnoreAltTab Fix. +
+
+ |
+
IgnoreChromeSandbox |
+The fix allows Google Chrome to run on systems that have ntdll loaded above 4GB. |
+
IgnoreDirectoryJunction |
+The problem is indicated by a read or access violation error message that displays when an application tries to find or open files. +The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW and FindFirstFileA APIs to prevent them from returning directory junctions. +
+Note
+Symbolic links appear starting in Windows Vista. +
+
+ |
+
IgnoreException |
+The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen. +The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. +You can control this fix further by typing the following command at the command prompt: +Exception1;Exception2 +Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1. +
+Important
+You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience additional compatibility issues if you choose to incorrectly ignore an exception. +
+
+
+
+Note
+For more detailed information about this application fix, see Using the IgnoreException Fix. +
+
+ |
+
IgnoreFloatingPointRoundingControl |
+This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application. +Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior. |
+
IgnoreFontQuality |
+The problem occurs when application text appears to be distorted. +The fix enables color-keyed fonts to properly work with anti-aliasing. |
+
IgnoreMessageBox |
+The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. +The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. +
+Note
+For more detailed information about this application fix, see Using the IgnoreMessageBox Fix. +
+
+ |
+
IgnoreMSOXMLMF |
+The problem is indicated by an error message that states that the operating system cannot locate the MSVCR80D.DLL file. +The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system any time that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID. |
+
IgnoreSetROP2 |
+The fix ignores read-modify-write operations on the desktop to avoid performance issues. |
+
InstallComponent |
+The fix prompts the user to install.Net 3.5 or .Net 2.0 because .Net is not included with Windows 8. |
+
LoadLibraryRedirect |
+The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application. |
+
LocalMappedObject |
+The problem occurs when an application unsuccessfully tries to create an object in the Global namespace. +The fix intercepts the function call to create the object and replaces the word Global with Local. +
+Note
+For more detailed information about this application fix, see Using the LocalMappedObject Fix. +
+
+ |
+
MakeShortcutRunas |
+The problem is indicated when an application fails to uninstall because of access-related errors. +The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later. +
+Note
+For more detailed information about this application fix, see Using the MakeShortcutRunas Fix +
+
+ |
+
ManageLinks |
+The fix intercepts common APIs that are going to a directory or to an executable (.exe) file, and then converts any symbolic or directory junctions before passing it back to the original APIs. |
+
MirrorDriverWithComposition |
+The fix allows mirror drivers to work properly with acceptable performance with desktop composition. |
+
MoveToCopyFileShim |
+The problem occurs when an application experiences security access issues during setup. +The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue. |
+
OpenDirectoryAcl |
+The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application. +The fix reduces the security privilege levels on a specified set of files and folders. +
+Note
+For more detailed information about this application fix, see Using the OpenDirectoryACL Fix. +
+
+ |
+
PopCapGamesForceResPerf |
+The fix resolves the performance issues in PopCap games like Bejeweled2. The performance issues are visible in certain low-end cards at certain resolutions where the 1024x768 buffer is scaled to fit the display resolution. |
+
PreInstallDriver |
+The fix preinstalls drivers for applications that would otherwise try to install or start drivers during the initial start process. |
+
PreInstallSmarteSECURE |
+The fix preinstalls computer-wide CLSIDs for applications that use SmartSECURE copy protection, which would otherwise try to install the CLSIDs during the initial start process. |
+
ProcessPerfData |
+The problem is indicated by an Unhandled Exception error message because the application tried to read the process performance data registry value to determine if another instance of the application is running. +The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running. +
+Note
+This issue seems to occur most frequently with .NET applications. +
+
+ |
+
PromoteDAM |
+The fix registers an application for power state change notifications. |
+
PropagateProcessHistory |
+The problem occurs when an application incorrectly fails to apply an application fix. +The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes. |
+
ProtectedAdminCheck |
+The problem occurs when an application fails to run because of incorrect Protected Administrator permissions. +The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only. |
+
RedirectCRTTempFile |
+The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory. |
+
RedirectHKCUKeys |
+The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions. +The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime. |
+
RedirectMP3Codec |
+This problem occurs when you cannot play MP3 files. +The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version. |
+
RedirectShortcut |
+The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process. +The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. +
This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts. +You cannot apply this fix to an .exe file that includes a manifest and provides a runlevel. |
+
RelaunchElevated |
+The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application. +The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. +
+Note
+For more detailed information about this application fix, see Using the RelaunchElevated Fix. +
+
+ |
+
RetryOpenSCManagerWithReadAccess |
+The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message. +The fix retries the call and requests a more restricted set of rights that include the following: +
|
+
RetryOpenServiceWithReadAccess |
+The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays. +The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work +
+Note
+For more detailed information about this application fix, see Using the RetryOpenServiceWithReadAccess Fix. +
+
+ |
+
RunAsAdmin |
+The problem occurs when an application fails to function by using the Standard User or Protected Administrator account. +The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest. +
+Note
+For more detailed information about this application fix, see Using the RunAsAdmin Fix. +
+
+ |
+
RunAsHighest |
+The problem occurs when administrators cannot view the read/write version of an application that presents a read-only view to standard users. +The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest. +
+Note
+For more detailed information about this application fix, see Using the RunAsHighest Fix. +
+
+ |
+
RunAsInvoker |
+The problem occurs when an application is not detected as requiring elevation. +The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest. +
+Note
+For more detailed information about this application fix, see Using the RunAsInvoker Fix. +
+
+ |
+
SecuROM7 |
+The fix repairs applications by using SecuROM7 for copy protection. |
+
SessionShim |
+The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter. +At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. +
+Important
+Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. +
+
+
+
+Note
+For more detailed information about this application fix, see Using the SessionShim Fix. +
+
+ |
+
SetProtocolHandler |
+The fix registers an application as a protocol handler. +You can control this fix further by typing the following command at the command prompt: +Client;Protocol;App +Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application. +
+Note
+Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash (). +
+
+ |
+
SetupCommitFileQueueIgnoreWow |
+The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers. +The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup. |
+
SharePointDesigner2007 |
+The fix resolves an application bug that severely slows the application when it runs in DWM. |
+
ShimViaEAT |
+The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. +The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. +
+Note
+For more information about this application fix, see Using the ShimViaEAT Fix. +
+
+ |
+
ShowWindowIE |
+The problem occurs when a web application experiences navigation and display issues because of the tabbing feature. +The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window. |
+
SierraWirelessHideCDROM |
+The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck. |
+
Sonique2 |
+The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value. |
+
SpecificInstaller |
+The problem occurs when an application installation file fails to be picked up by the GenericInstaller function. +The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation. +
+Note
+For more detailed information about this application fix, see Using the SpecificInstaller Fix. +
+
+ |
+
SpecificNonInstaller |
+The problem occurs when an application that is not an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function. +The fix flags the application to exclude it from detection by the GenericInstaller function. +
+Note
+For more detailed information about this application fix, see Using the SpecificNonInstaller Fix. +
+
+ |
+
SystemMetricsLie |
+The fix replaces SystemMetrics values and SystemParametersInfo values with the values of previous Windows versions. |
+
TextArt |
+The application receives different mouse coordinates with DWM ON versus DWM OFF, which causes the application to hang. This fix resolves the issue. |
+
TrimDisplayDeviceNames |
+The fix trims the names of the display devices that are returned by the EnumDisplayDevices API. |
+
UIPICompatLogging |
+The fix enables the logging of Windows messages from Internet Explorer and other processes. |
+
UIPIEnableCustomMsgs |
+The problem occurs when an application does not properly communicate with other processes because customized Windows messages are not delivered. +The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. +You can control this fix further by typing the following command at the command prompt: +MessageString1 MessageString2 +Where MessageString1 and MessageString2 reflect the message strings that can pass. +
+Note
+Multiple message strings must be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableCustomMsgs Fix. +
+
+ |
+
UIPIEnableStandardMsgs |
+The problem occurs when an application does not communicate properly with other processes because standard Windows messages are not delivered. +The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. +You can control this fix further by typing the following command at the command prompt: +1055 1056 1069 +Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. +
+Note
+Multiple messages can be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableStandardMsgs Fix [act]. +
+
+ |
+
VirtualizeDeleteFileLayer |
+The fix virtualizes DeleteFile operations for applications that try to delete protected files. |
+
VirtualizeDesktopPainting |
+This fix improves the performance of a number of operations on the Desktop DC while using DWM. |
+
VirtualRegistry |
+The problem is indicated when a Component failed to be located error message displays when an application is started. +The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. +For more detailed information about this application fix, see Using the VirtualRegistry Fix. |
+
VirtualizeDeleteFile |
+The problem occurs when several error messages display and the application cannot delete files. +The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. +
+Note
+For more detailed information about this application fix, see Using the VirtualizeDeleteFile Fix. +
+
+ |
+
VirtualizeHKCRLite |
+The problem occurs when an application fails to register COM components at runtime. +The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. +HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated. +You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix. +For more detailed information about this application fix, see Using the VirtualizeHKCRLite Fix. |
+
VirtualizeRegisterTypeLib |
+The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used. +
+Note
+For more detailed information about this application fix, see Using the VirtualizeRegisterTypelib Fix. +
+
+ |
+
WaveOutIgnoreBadFormat |
+This problem is indicated by an error message that states: Unable to initialize sound device from your audio driver; the application then closes. +The fix enables the application to ignore the format error and continue to function properly. |
+
WerDisableReportException |
+The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message. |
+
Win7RTM/Win8RTM |
+The layer provides the application with Windows 7/Windows 8 compatibility mode. |
+
WinxxRTMVersionLie |
+The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system. +All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer. |
+
Wing32SystoSys32 |
+The problem is indicated by an error message that states that the WinG library was not properly installed. +The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. +
+Important
+The application must have Administrator privileges for this fix to work. +
+
+ |
+
WinSrv08R2RTM |
++ |
WinXPSP2VersionLie |
+The problem occurs when an application experiences issues because of a VB runtime DLL. +The fix forces the application to follow these steps: +
|
+
WRPDllRegister |
+The application fails when it tries to register a COM component that is released together with Windows Vista and later. +The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. +You can control this fix further by typing the following command at the command prompt: +Component1.dll;Component2.dll +Where Component1.dll and Component2.dll reflect the components to be skipped. +
+Note
+For more detailed information about this application fix, see Using the WRPDllRegister Fix. +
+
+ |
+
WRPMitigation |
+The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access. +The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue. +
+Note
+For more detailed information about WRPMitigation, see Using the WRPMitigation Fix. +
+
+ |
+
WRPRegDeleteKey |
+The problem is indicated by an access denied error message that displays when the application tries to delete a registry key. +The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process. |
+
XPAfxIsValidAddress |
+The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress. |
+
| Compatibility Mode Name | +Description | +Included Compatibility Fixes | +
|---|---|---|
WinSrv03 |
+Emulates the Windows Server 2003 operating system. |
+
|
+
WinSrv03Sp1 |
+Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system. |
+
|
+
Vendor name |
-Product description |
-HWID |
-Windows Update availability |
-
Broadcom |
-802.11abgn Wireless SDIO adapter |
-sd\vid_02d0&pid_4330&fn_1 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_010e106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_433114e4&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_010f106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Marvell |
-Yukon 88E8001/8003/8010 PCI Gigabit Ethernet |
-pci\ven_11ab&dev_4320&subsys_811a1043 |
-- | -
Marvell |
-Libertas 802.11b/g Wireless |
-pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03 |
-- | -
Qualcomm |
-Atheros AR6004 Wireless LAN Adapter |
-sd\vid_0271&pid_0401 |
-
- 64-bit driver not available |
-
Qualcomm |
-Atheros AR5BWB222 Wireless Network Adapter |
-pci\ven_168c&dev_0034&subsys_20031a56 |
-
- 64-bit driver not available |
-
Qualcomm |
-Atheros AR5BWB222 Wireless Network Adapter |
-pci\ven_168c&dev_0034&subsys_020a1028&rev_01 |
-Contact the system OEM or Qualcom for driver availability. |
-
Qualcomm |
-Atheros AR5005G Wireless Network Adapter |
-pci\ven_168c&dev_001a&subsys_04181468&rev_01 |
-- | -
Ralink |
-Wireless-G PCI Adapter |
-pci\ven_1814&dev_0301&subsys_00551737&rev_00 |
-- | -
Ralink |
-Turbo Wireless LAN Card |
-pci\ven_1814&dev_0301&subsys_25611814&rev_00 |
-- | -
Ralink |
-Wireless LAN Card V1 |
-pci\ven_1814&dev_0302&subsys_3a711186&rev_00 |
-- | -
Ralink |
-D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) |
-pci\ven_1814&dev_0302&subsys_3c091186&rev_00 |
-- | -
Vendor name |
+Product description |
+HWID |
+Windows Update availability |
+
Broadcom |
+802.11abgn Wireless SDIO adapter |
+sd\vid_02d0&pid_4330&fn_1 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_010e106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_433114e4&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_010f106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Marvell |
+Yukon 88E8001/8003/8010 PCI Gigabit Ethernet |
+pci\ven_11ab&dev_4320&subsys_811a1043 |
++ | +
Marvell |
+Libertas 802.11b/g Wireless |
+pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03 |
++ | +
Qualcomm |
+Atheros AR6004 Wireless LAN Adapter |
+sd\vid_0271&pid_0401 |
+
+ 64-bit driver not available |
+
Qualcomm |
+Atheros AR5BWB222 Wireless Network Adapter |
+pci\ven_168c&dev_0034&subsys_20031a56 |
+
+ 64-bit driver not available |
+
Qualcomm |
+Atheros AR5BWB222 Wireless Network Adapter |
+pci\ven_168c&dev_0034&subsys_020a1028&rev_01 |
+Contact the system OEM or Qualcom for driver availability. |
+
Qualcomm |
+Atheros AR5005G Wireless Network Adapter |
+pci\ven_168c&dev_001a&subsys_04181468&rev_01 |
++ | +
Ralink |
+Wireless-G PCI Adapter |
+pci\ven_1814&dev_0301&subsys_00551737&rev_00 |
++ | +
Ralink |
+Turbo Wireless LAN Card |
+pci\ven_1814&dev_0301&subsys_25611814&rev_00 |
++ | +
Ralink |
+Wireless LAN Card V1 |
+pci\ven_1814&dev_0302&subsys_3a711186&rev_00 |
++ | +
Ralink |
+D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) |
+pci\ven_1814&dev_0302&subsys_3c091186&rev_00 |
++ | +
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| -|Print 3D app|Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| - +--- +title: Windows 10, version 1903 - Features that have been removed +description: Learn about features that will be removed or deprecated in Windows 10, version 1903, or a future release +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +manager: laurawi +ms.author: greglin +ms.topic: article +--- +# Features removed or planned for replacement starting with Windows 10, version 1903 + +> Applies to: Windows 10, version 1903 + +Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10, version 1903. **The list below is subject to change and might not include every affected feature or functionality.** + +> [!NOTE] +> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself. + +## Features we removed or will remove soon + +The following features and functionalities are removed from the installed product image for Windows 10, version 1903, or are planned for removal in an upcoming release. Applications or code that depend on these features won't function in this release unless you use another method. + + +| Feature | Details | +|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| XDDM-based remote display driver | Starting with this release the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote indirect display driver ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | +| Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | + +## Features we’re no longer developing + +We're no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources. + +If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). + +|Feature |Details| +|-----------|---------------------| +| Taskbar settings roaming| Roaming of taskbar settings is no longer being developed and we plan to disable this capability in a future release| +|Wi-Fi WEP and TKIP|In this release a warning message will appear when connecting to Wi-Fi networks secured with WEP or TKIP, which are not as secure as those using WPA2 or WPA3. In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | +|Windows To Go|Windows To Go is no longer being developed.
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| +|Print 3D app|Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| + diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index 2900db198c..8716d1b086 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -23,7 +23,7 @@ Get answers to common questions around compatibility, installation, and support ### Where can I download Windows 10 Enterprise? -If you have Windows volume licenses with Software Assurance, or if you have purchased licenses for Windows 10 Enterprise volume licenses, you can download 32-bit and 64-bit versions of Windows 10 Enterprise from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). If you do not have current Software Assurance for Windows and would like to purchase volume licenses for Windows 10 Enterprise, contact your preferred Microsoft Reseller or see [How to purchase through Volume Licensing](https://www.microsoft.com/en-us/Licensing/how-to-buy/how-to-buy.aspx). +If you have Windows volume licenses with Software Assurance, or if you have purchased licenses for Windows 10 Enterprise volume licenses, you can download 32-bit and 64-bit versions of Windows 10 Enterprise from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). If you do not have current Software Assurance for Windows and would like to purchase volume licenses for Windows 10 Enterprise, contact your preferred Microsoft Reseller or see [How to purchase through Volume Licensing](https://www.microsoft.com/Licensing/how-to-buy/how-to-buy.aspx). ### What are the system requirements? @@ -35,7 +35,7 @@ Most computers that are compatible with Windows 8.1 will be compatible with Wind ### Can I evaluate Windows 10 Enterprise? -Yes, a 90-day evaluation of Windows 10 Enterprise is available through the [TechNet Evaluation Center](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise). The evaluation is available in Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish (Spain, International Sort). We highly recommend that organizations make use of the Windows 10 Enterprise 90-day Evaluation to try out deployment and management scenarios, test compatibility with hardware and applications, and to get hands on experience with Windows 10 Enterprise features. +Yes, a 90-day evaluation of Windows 10 Enterprise is available through the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). The evaluation is available in Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish (Spain, International Sort). We highly recommend that organizations make use of the Windows 10 Enterprise 90-day Evaluation to try out deployment and management scenarios, test compatibility with hardware and applications, and to get hands on experience with Windows 10 Enterprise features. ## Drivers and compatibility @@ -56,7 +56,7 @@ Many existing Win32 and Win64 applications already run reliably on Windows 10 wi ### Is there an easy way to assess if my organization’s devices are ready to upgrade to Windows 10? -[Windows Analytics Upgrade Readiness](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics) (formerly known as Upgrade Analytics) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements. This new service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects. You can find additional product information at [Windows Analytics](https://www.microsoft.com/en-us/WindowsForBusiness/Windows-Analytics). +[Windows Analytics Upgrade Readiness](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics) (formerly known as Upgrade Analytics) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements. This new service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects. You can find additional product information at [Windows Analytics](https://www.microsoft.com/WindowsForBusiness/Windows-Analytics). ## Administration and deployment diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index 36c030bdcf..03fd161f35 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md @@ -1,133 +1,135 @@ ---- -title: Windows 10 infrastructure requirements (Windows 10) -description: There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. -ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: deploy, upgrade, update, hardware -ms.prod: w10 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows 10 infrastructure requirements - - -**Applies to** - -- Windows 10 - -There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. - -## High-level requirements - - -For initial Windows 10 deployments, as well as subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage. - -For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.) - -## Deployment tools - - -A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1. - -Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more). - -Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades. - -For System Center Configuration Manager, Windows 10 support is offered with various releases: - -| Release | Windows 10 management? | Windows 10 deployment? | -|---------------------------------------------|------------------------|------------------------------------------------| -| System Center Configuration Manager 2007 | Yes, with a hotfix | No | -| System Center Configuration Manager 2012 | Yes, with SP2 and CU1 | Yes, with SP2, CU1, and the ADK for Windows 10 | -| System Center Configuration Manager 2012 R2 | Yes, with SP1 and CU1 | Yes, with SP1, CU1, and the ADK for Windows 10 | - - ->Note: Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require System Center Configuration Manager current branch for supported management. - - -For more details about System Center Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). - -## Management tools - - -In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store. - -No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features. - -Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows: - -| Product | Required version | -|----------------------------------------------------------|--------------------------| -| Advanced Group Policy Management (AGPM) | AGPM 4.0 Service Pack 3 | -| Application Virtualization (App-V) | App-V 5.1 | -| Diagnostics and Recovery Toolkit (DaRT) | DaRT 10 | -| Microsoft BitLocker Administration and Monitoring (MBAM) | MBAM 2.5 SP1 (2.5 is OK) | -| User Experience Virtualization (UE-V) | UE-V 2.1 SP1 | - - - -For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090). - -For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information. - -Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions: - -1. Select the **Options** node, and then click **Products and Classifications**. - -2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**. - -3. From the **Synchronizations** node, right-click and choose **Synchronize Now**. - - - -Figure 1. WSUS product list with Windows 10 choices - -Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.) - -## Activation - - -Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers: - -| Product | Required update | -|----------------------------------------|---------------------------------------------------------------------------------------------| -| Windows 10 | None | -| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | -| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | -| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) | - - - -Also see: [Windows Server 2016 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2016/10/19/windows-server-2016-volume-activation-tips/) - -Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys: - -- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights. - -- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. - -- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.) - -Note that Windows 10 Enterprise and Windows 10 Enterprise LTSB installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. - -## Related topics - - -[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md) -
[Windows 10 deployment considerations](windows-10-deployment-considerations.md) -
[Windows 10 compatibility](windows-10-compatibility.md) - - - - - - - - - +--- +title: Windows 10 infrastructure requirements (Windows 10) +description: There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. +ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: deploy, upgrade, update, hardware +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Windows 10 infrastructure requirements + + +**Applies to** + +- Windows 10 + +There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. + +## High-level requirements + + +For initial Windows 10 deployments, as well as subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage. + +For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.) + +## Deployment tools + + +A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1. + +Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more). + +Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades. + +For System Center Configuration Manager, Windows 10 support is offered with various releases: + +| Release | Windows 10 management? | Windows 10 deployment? | +|---------------------------------------------|------------------------|------------------------------------------------| +| System Center Configuration Manager 2007 | Yes, with a hotfix | No | +| System Center Configuration Manager 2012 | Yes, with SP2 and CU1 | Yes, with SP2, CU1, and the ADK for Windows 10 | +| System Center Configuration Manager 2012 R2 | Yes, with SP1 and CU1 | Yes, with SP1, CU1, and the ADK for Windows 10 | + + +> [!NOTE] +> Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require System Center Configuration Manager current branch for supported management. + + +For more details about System Center Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). + +## Management tools + + +In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store. + +No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features. + +Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows: + +| Product | Required version | +|----------------------------------------------------------|--------------------------| +| Advanced Group Policy Management (AGPM) | AGPM 4.0 Service Pack 3 | +| Application Virtualization (App-V) | App-V 5.1 | +| Diagnostics and Recovery Toolkit (DaRT) | DaRT 10 | +| Microsoft BitLocker Administration and Monitoring (MBAM) | MBAM 2.5 SP1 (2.5 is OK) | +| User Experience Virtualization (UE-V) | UE-V 2.1 SP1 | + + + +For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090). + +For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information. + +Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions: + +1. Select the **Options** node, and then click **Products and Classifications**. + +2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**. + +3. From the **Synchronizations** node, right-click and choose **Synchronize Now**. + + + +Figure 1. WSUS product list with Windows 10 choices + +Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.) + +## Activation + + +Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers: + +| Product | Required update | +|----------------------------------------|---------------------------------------------------------------------------------------------| +| Windows 10 | None | +| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) | + + + +Also see: [Windows Server 2016 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2016/10/19/windows-server-2016-volume-activation-tips/) + +Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys: + +- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights. + +- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. + +- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.) + +Note that Windows 10 Enterprise and Windows 10 Enterprise LTSB installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. + +## Related topics + + +[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md) +
[Windows 10 deployment considerations](windows-10-deployment-considerations.md) +
[Windows 10 compatibility](windows-10-compatibility.md) + + + + + + + + + diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md index c48af35d6e..40c4c03e81 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md @@ -1,462 +1,463 @@ ---- -title: Windows To Go frequently asked questions (Windows 10) -description: Windows To Go frequently asked questions -ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: FAQ, mobile, device, USB -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: mobility -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows To Go: frequently asked questions - - -**Applies to** - -- Windows 10 - ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. - -The following list identifies some commonly asked questions about Windows To Go. - -- [What is Windows To Go?](#wtg-faq-whatis) - -- [Does Windows To Go rely on virtualization?](#wtg-faq-virt) - -- [Who should use Windows To Go?](#wtg-faq-who) - -- [How can Windows To Go be deployed in an organization?](#wtg-faq-deploy) - -- [Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?](#wtg-faq-usbvs) - -- [Is Windows To Go supported on USB 2.0 and USB 3.0 ports?](#wtg-faq-usbports) - -- [How do I identify a USB 3.0 port?](#wtg-faq-usb3port) - -- [Does Windows To Go run faster on a USB 3.0 port?](#wtg-faq-usb3speed) - -- [Can the user self-provision Windows To Go?](#wtg-faq-selfpro) - -- [How can Windows To Go be managed in an organization?](#wtg-faq-mng) - -- [How do I make my computer boot from USB?](#wtf-faq-startup) - -- [Why isn’t my computer booting from USB?](#wtg-faq-noboot) - -- [What happens if I remove my Windows To Go drive while it is running?](#wtg-faq-surprise) - -- [Can I use BitLocker to protect my Windows To Go drive?](#wtg-faq-bitlocker) - -- [Why can’t I enable BitLocker from Windows To Go Creator?](#wtg-faq-blfail) - -- [What power states does Windows To Go support?](#wtg-faq-power) - -- [Why is hibernation disabled in Windows To Go?](#wtg-faq-hibernate) - -- [Does Windows To Go support crash dump analysis?](#wtg-faq-crashdump) - -- [Do “Windows To Go Startup Options” work with dual boot computers?](#wtg-faq-dualboot) - -- [I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not?](#wtg-faq-diskpart) - -- [I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not?](#wtg-faq-san4) - -- [Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?](#wtg-faq-fatmbr) - -- [Is Windows To Go secure if I use it on an untrusted machine?](#wtg-faq-malhost) - -- [Does Windows To Go work with ARM processors?](#wtg-faq-arm) - -- [Can I synchronize data from Windows To Go with my other computer?](#wtg-faq-datasync) - -- [What size USB Flash Drive do I need to make a Windows To Go drive?](#wtg-faq-usbsz) - -- [Do I need to activate Windows To Go every time I roam?](#wtg-faq-roamact) - -- [Can I use all Windows features on Windows To Go?](#wtg-faq-features) - -- [Can I use all my applications on Windows To Go?](#wtg-faq-approam) - -- [Does Windows To Go work slower than standard Windows?](#wtg-faq-slow) - -- [If I lose my Windows To Go drive, will my data be safe?](#wtg-faq-safeloss) - -- [Can I boot Windows To Go on a Mac?](#wtg-faq-mac) - -- [Are there any APIs that allow applications to identify a Windows To Go workspace?](#wtg-faq-api) - -- [How is Windows To Go licensed?](#wtg-faq-lic) - -- [Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive?](#wtg-faq-recovery) - -- [Why won’t Windows To Go work on a computer running Windows XP or Windows Vista?](#wtg-faq-oldos) - -- [Why does the operating system on the host computer matter?](#wtg-faq-oldos2) - -- [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#wtg-faq-blreckey) - -- [I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it?](#wtg-faq-reformat) - -- [Why do I keep on getting the message “Installing devices…” when I boot Windows To Go?](#bkmk-roamconflict) - -- [How do I upgrade the operating system on my Windows To Go drive?](#bkmk-upgradewtg) - -## What is Windows To Go? - - -Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs. - -## Does Windows To Go rely on virtualization? - - -No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It is just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. - -## Who should use Windows To Go? - - -Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, traveling workers, and work from home. - -## How can Windows To Go be deployed in an organization? - - -Windows To Go can be deployed using standard Windows deployment tools like Diskpart and DISM. The prerequisites for deploying Windows To Go are: - -- A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware) - -- A Windows 10 Enterprise or Windows 10 Education image - -- A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys - -You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. - -## Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? - - -No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go. - -## Is Windows To Go supported on USB 2.0 and USB 3.0 ports? - - -Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later. - -## How do I identify a USB 3.0 port? - - -USB 3.0 ports are usually marked blue or carry a SS marking on the side. - -## Does Windows To Go run faster on a USB 3.0 port? - - -Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace. - -## Can the user self-provision Windows To Go? - - -Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). - -## How can Windows To Go be managed in an organization? - - -Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like System Center Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network. - -## How do I make my computer boot from USB? - - -For host computers running Windows 10 - -- Using Cortana, search for **Windows To Go startup options**, and then press Enter. -- In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB. - -For host computers running Windows 8 or Windows 8.1: - -Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter. - -In the **Windows To Go Startup Options** dialog box select **Yes** and then click **Save Changes** to configure the computer to boot from USB. - -**Note** -Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization. - - - -If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually. - -To do this, early during boot time (usually when you see the manufacturer’s logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer’s site to be sure if you do not know which key to use to enter firmware setup.) - -After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first. - -Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis. - -For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). - -**Warning** -Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive. - - - -## Why isn’t my computer booting from USB? - - -Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation: - -1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device. - -2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don’t support booting from a device connected to a USB 3 PCI add-on card or external USB hubs. - -3. If the computer is not booting from a USB 3.0 port, try to boot from a USB 2.0 port. - -If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support. - -## What happens if I remove my Windows To Go drive while it is running? - - -If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive is not reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds. - -**Warning** -You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive. - - - -## Can I use BitLocker to protect my Windows To Go drive? - - -Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you will be prompted to enter this password every time you use the Windows To Go workspace. - -## Why can’t I enable BitLocker from Windows To Go Creator? - - -Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three sub-folders for fixed, operating system and removable data drive types. - -When you are using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation: - -1. **Control use of BitLocker on removable drives** - - If this setting is disabled BitLocker cannot be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive. - -2. **Configure use of smart cards on removable data drives** - - If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you have not already signed on using your smart card credentials before starting the Windows To Go Creator wizard. - -3. **Configure use of passwords for removable data drives** - - If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection is not available, the Windows To Go Creator wizard will fail to enable BitLocker. - -Additionally, the Windows To Go Creator will disable the BitLocker option if the drive does not have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go. - -## What power states does Windows To Go support? - - -Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace. - -## Why is hibernation disabled in Windows To Go? - - -When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you are confident that you will only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc). - -## Does Windows To Go support crash dump analysis? - - -Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0. - -## Do “Windows To Go Startup Options” work with dual boot computers? - - -Yes, if both operating systems are running the Windows 8 operating system. Enabling “Windows To Go Startup Options” should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. - -If you have configured a dual boot computer with a Windows operating system and another operating system it might work occasionally and fail occasionally. Using this configuration is unsupported. - -## I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not? - - -Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That’s why you can’t see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter. - -**Warning** -It is strongly recommended that you do not plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. - - - -## I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not? - - -Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That’s why you can’t see the internal hard drives of the host computer when you are booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive. - -**Warning** -It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. - - - -## Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition? - - -This is done to allow Windows To Go to boot from UEFI and legacy systems. - -## Is Windows To Go secure if I use it on an untrusted computer? - - -While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive. - -## Does Windows To Go work with ARM processors? - - -No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors. - -## Can I synchronize data from Windows To Go with my other computer? - - -To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need. - -## What size USB flash drive do I need to make a Windows To Go drive? - - -The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size. - -## Do I need to activate Windows To Go every time I roam? - - -No, Windows To Go requires volume activation; either using the [Key Management Service](https://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. - -## Can I use all Windows features on Windows To Go? - - -Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh. - -## Can I use all my applications on Windows To Go? - - -Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time. - -## Does Windows To Go work slower than standard Windows? - - -If you are using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you are booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds. - -## If I lose my Windows To Go drive, will my data be safe? - - -Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user will not be able to access your data without your password. If you don’t enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive. - -## Can I boot Windows To Go on a Mac? - - -We are committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers are not certified for use with Windows 7 or later, using Windows To Go is not supported on a Mac. - -## Are there any APIs that allow applications to identify a Windows To Go workspace? - - -Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true it means that the operating system was booted from an external USB device. - -Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. - -For more information, see the MSDN article on the [Win32\_OperatingSystem class](https://go.microsoft.com/fwlink/p/?LinkId=619059). - -## How is Windows To Go licensed? - - -Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC. - -## Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive? - - -No, use of Windows Recovery Environment is not supported on Windows To Go. It is recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should re-provision the workspace. - -## Why won’t Windows To Go work on a computer running Windows XP or Windows Vista? - - -Actually it might. If you have purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you have configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. - -## Why does the operating system on the host computer matter? - - -It doesn’t other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer cannot boot from USB there is no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. - -## My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? - - -The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary. - -You can reset the BitLocker system measurements to incorporate the new boot order using the following steps: - -1. Log on to the host computer using an account with administrator privileges. - -2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. - -3. Click **Suspend Protection** for the operating system drive. - - A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive. - -4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki. - -5. Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) - -6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. - -7. Click **Resume Protection** to re-enable BitLocker protection. - -The host computer will now be able to be booted from a USB drive without triggering recovery mode. - -**Note** -The default BitLocker protection profile in Windows 8 or later does not monitor the boot order. - - - -## I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it? - - -Reformatting the drive erases the data on the drive, but doesn’t reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps: - -1. Open a command prompt with full administrator permissions. - - **Note** - If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them. - - - -2. Start the [diskpart](https://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt. - -3. Use the `select disk` command to identify the drive. If you do not know the drive number, use the `list` command to display the list of disks available. - -4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive. - -## Why do I keep on getting the message “Installing devices…” when I boot Windows To Go? - - -One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers which are not present on the new configuration. In general this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. - -In certain cases, third party drivers for different hardware models or versions can reuse device ID’s, driver file names, registry keys (or any other operating system constructs which do not support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID’s, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. - -This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message “Installing devices…” displaying every time that a Windows to Go drive is roamed between two PCs which require conflicting drivers. - -## How do I upgrade the operating system on my Windows To Go drive? - - -There is no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be re-imaged with a new version of Windows in order to transition to the new operating system version. - -## Additional resources - - -- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) - -- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) - -- [Windows To Go: feature overview](windows-to-go-overview.md) - -- [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) - -- [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) - -- [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md) - - - - - - - - - +--- +title: Windows To Go frequently asked questions (Windows 10) +description: Windows To Go frequently asked questions +ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: FAQ, mobile, device, USB +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: mobility +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Windows To Go: frequently asked questions + + +**Applies to** + +- Windows 10 + +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + +The following list identifies some commonly asked questions about Windows To Go. + +- [What is Windows To Go?](#wtg-faq-whatis) + +- [Does Windows To Go rely on virtualization?](#wtg-faq-virt) + +- [Who should use Windows To Go?](#wtg-faq-who) + +- [How can Windows To Go be deployed in an organization?](#wtg-faq-deploy) + +- [Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?](#wtg-faq-usbvs) + +- [Is Windows To Go supported on USB 2.0 and USB 3.0 ports?](#wtg-faq-usbports) + +- [How do I identify a USB 3.0 port?](#wtg-faq-usb3port) + +- [Does Windows To Go run faster on a USB 3.0 port?](#wtg-faq-usb3speed) + +- [Can the user self-provision Windows To Go?](#wtg-faq-selfpro) + +- [How can Windows To Go be managed in an organization?](#wtg-faq-mng) + +- [How do I make my computer boot from USB?](#wtf-faq-startup) + +- [Why isn’t my computer booting from USB?](#wtg-faq-noboot) + +- [What happens if I remove my Windows To Go drive while it is running?](#wtg-faq-surprise) + +- [Can I use BitLocker to protect my Windows To Go drive?](#wtg-faq-bitlocker) + +- [Why can’t I enable BitLocker from Windows To Go Creator?](#wtg-faq-blfail) + +- [What power states does Windows To Go support?](#wtg-faq-power) + +- [Why is hibernation disabled in Windows To Go?](#wtg-faq-hibernate) + +- [Does Windows To Go support crash dump analysis?](#wtg-faq-crashdump) + +- [Do “Windows To Go Startup Options” work with dual boot computers?](#wtg-faq-dualboot) + +- [I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not?](#wtg-faq-diskpart) + +- [I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not?](#wtg-faq-san4) + +- [Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?](#wtg-faq-fatmbr) + +- [Is Windows To Go secure if I use it on an untrusted machine?](#wtg-faq-malhost) + +- [Does Windows To Go work with ARM processors?](#wtg-faq-arm) + +- [Can I synchronize data from Windows To Go with my other computer?](#wtg-faq-datasync) + +- [What size USB Flash Drive do I need to make a Windows To Go drive?](#wtg-faq-usbsz) + +- [Do I need to activate Windows To Go every time I roam?](#wtg-faq-roamact) + +- [Can I use all Windows features on Windows To Go?](#wtg-faq-features) + +- [Can I use all my applications on Windows To Go?](#wtg-faq-approam) + +- [Does Windows To Go work slower than standard Windows?](#wtg-faq-slow) + +- [If I lose my Windows To Go drive, will my data be safe?](#wtg-faq-safeloss) + +- [Can I boot Windows To Go on a Mac?](#wtg-faq-mac) + +- [Are there any APIs that allow applications to identify a Windows To Go workspace?](#wtg-faq-api) + +- [How is Windows To Go licensed?](#wtg-faq-lic) + +- [Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive?](#wtg-faq-recovery) + +- [Why won’t Windows To Go work on a computer running Windows XP or Windows Vista?](#wtg-faq-oldos) + +- [Why does the operating system on the host computer matter?](#wtg-faq-oldos2) + +- [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#wtg-faq-blreckey) + +- [I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it?](#wtg-faq-reformat) + +- [Why do I keep on getting the message “Installing devices…” when I boot Windows To Go?](#bkmk-roamconflict) + +- [How do I upgrade the operating system on my Windows To Go drive?](#bkmk-upgradewtg) + +## What is Windows To Go? + + +Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs. + +## Does Windows To Go rely on virtualization? + + +No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It is just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. + +## Who should use Windows To Go? + + +Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, traveling workers, and work from home. + +## How can Windows To Go be deployed in an organization? + + +Windows To Go can be deployed using standard Windows deployment tools like Diskpart and DISM. The prerequisites for deploying Windows To Go are: + +- A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware) + +- A Windows 10 Enterprise or Windows 10 Education image + +- A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys + +You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. + +## Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? + + +No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go. + +## Is Windows To Go supported on USB 2.0 and USB 3.0 ports? + + +Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later. + +## How do I identify a USB 3.0 port? + + +USB 3.0 ports are usually marked blue or carry a SS marking on the side. + +## Does Windows To Go run faster on a USB 3.0 port? + + +Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace. + +## Can the user self-provision Windows To Go? + + +Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). + +## How can Windows To Go be managed in an organization? + + +Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like System Center Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network. + +## How do I make my computer boot from USB? + + +For host computers running Windows 10 + +- Using Cortana, search for **Windows To Go startup options**, and then press Enter. +- In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB. + +For host computers running Windows 8 or Windows 8.1: + +Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter. + +In the **Windows To Go Startup Options** dialog box select **Yes** and then click **Save Changes** to configure the computer to boot from USB. + +> [!NOTE] +> Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization. + + + +If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually. + +To do this, early during boot time (usually when you see the manufacturer’s logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer’s site to be sure if you do not know which key to use to enter firmware setup.) + +After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first. + +Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis. + +For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). + +**Warning** +Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive. + + + +## Why isn’t my computer booting from USB? + + +Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation: + +1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device. + +2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don’t support booting from a device connected to a USB 3 PCI add-on card or external USB hubs. + +3. If the computer is not booting from a USB 3.0 port, try to boot from a USB 2.0 port. + +If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support. + +## What happens if I remove my Windows To Go drive while it is running? + + +If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive is not reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds. + +**Warning** +You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive. + + + +## Can I use BitLocker to protect my Windows To Go drive? + + +Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you will be prompted to enter this password every time you use the Windows To Go workspace. + +## Why can’t I enable BitLocker from Windows To Go Creator? + + +Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three sub-folders for fixed, operating system and removable data drive types. + +When you are using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation: + +1. **Control use of BitLocker on removable drives** + + If this setting is disabled BitLocker cannot be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive. + +2. **Configure use of smart cards on removable data drives** + + If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you have not already signed on using your smart card credentials before starting the Windows To Go Creator wizard. + +3. **Configure use of passwords for removable data drives** + + If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection is not available, the Windows To Go Creator wizard will fail to enable BitLocker. + +Additionally, the Windows To Go Creator will disable the BitLocker option if the drive does not have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go. + +## What power states does Windows To Go support? + + +Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace. + +## Why is hibernation disabled in Windows To Go? + + +When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you are confident that you will only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc). + +## Does Windows To Go support crash dump analysis? + + +Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0. + +## Do “Windows To Go Startup Options” work with dual boot computers? + + +Yes, if both operating systems are running the Windows 8 operating system. Enabling “Windows To Go Startup Options” should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. + +If you have configured a dual boot computer with a Windows operating system and another operating system it might work occasionally and fail occasionally. Using this configuration is unsupported. + +## I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not? + + +Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That’s why you can’t see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter. + +**Warning** +It is strongly recommended that you do not plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. + + + +## I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not? + + +Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That’s why you can’t see the internal hard drives of the host computer when you are booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive. + +**Warning** +It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. + + + +## Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition? + + +This is done to allow Windows To Go to boot from UEFI and legacy systems. + +## Is Windows To Go secure if I use it on an untrusted computer? + + +While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive. + +## Does Windows To Go work with ARM processors? + + +No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors. + +## Can I synchronize data from Windows To Go with my other computer? + + +To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need. + +## What size USB flash drive do I need to make a Windows To Go drive? + + +The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size. + +## Do I need to activate Windows To Go every time I roam? + + +No, Windows To Go requires volume activation; either using the [Key Management Service](https://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. + +## Can I use all Windows features on Windows To Go? + + +Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh. + +## Can I use all my applications on Windows To Go? + + +Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time. + +## Does Windows To Go work slower than standard Windows? + + +If you are using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you are booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds. + +## If I lose my Windows To Go drive, will my data be safe? + + +Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user will not be able to access your data without your password. If you don’t enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive. + +## Can I boot Windows To Go on a Mac? + + +We are committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers are not certified for use with Windows 7 or later, using Windows To Go is not supported on a Mac. + +## Are there any APIs that allow applications to identify a Windows To Go workspace? + + +Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true it means that the operating system was booted from an external USB device. + +Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. + +For more information, see the MSDN article on the [Win32\_OperatingSystem class](https://go.microsoft.com/fwlink/p/?LinkId=619059). + +## How is Windows To Go licensed? + + +Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC. + +## Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive? + + +No, use of Windows Recovery Environment is not supported on Windows To Go. It is recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should re-provision the workspace. + +## Why won’t Windows To Go work on a computer running Windows XP or Windows Vista? + + +Actually it might. If you have purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you have configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. + +## Why does the operating system on the host computer matter? + + +It doesn’t other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer cannot boot from USB there is no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. + +## My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? + + +The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary. + +You can reset the BitLocker system measurements to incorporate the new boot order using the following steps: + +1. Log on to the host computer using an account with administrator privileges. + +2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. + +3. Click **Suspend Protection** for the operating system drive. + + A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive. + +4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki. + +5. Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) + +6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. + +7. Click **Resume Protection** to re-enable BitLocker protection. + +The host computer will now be able to be booted from a USB drive without triggering recovery mode. + +> [!NOTE] +> The default BitLocker protection profile in Windows 8 or later does not monitor the boot order. + + + +## I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it? + + +Reformatting the drive erases the data on the drive, but doesn’t reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps: + +1. Open a command prompt with full administrator permissions. + + > [!NOTE] + > If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them. + + + +2. Start the [diskpart](https://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt. + +3. Use the `select disk` command to identify the drive. If you do not know the drive number, use the `list` command to display the list of disks available. + +4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive. + +## Why do I keep on getting the message “Installing devices…” when I boot Windows To Go? + + +One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers which are not present on the new configuration. In general this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. + +In certain cases, third party drivers for different hardware models or versions can reuse device ID’s, driver file names, registry keys (or any other operating system constructs which do not support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID’s, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. + +This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message “Installing devices…” displaying every time that a Windows to Go drive is roamed between two PCs which require conflicting drivers. + +## How do I upgrade the operating system on my Windows To Go drive? + + +There is no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be re-imaged with a new version of Windows in order to transition to the new operating system version. + +## Additional resources + + +- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) + +- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) + +- [Windows To Go: feature overview](windows-to-go-overview.md) + +- [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) + +- [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) + +- [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md) + + + + + + + + + diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 3ed1e2e88c..14a975949c 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -1,284 +1,285 @@ ---- -title: Windows To Go feature overview (Windows 10) -description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. -ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: workspace, mobile, installation, image, USB, device, image, edu -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: mobility, edu -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows To Go: feature overview - - -**Applies to** - -- Windows 10 - ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. - -Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. - -PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: - -- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif) -- [Roaming with Windows To Go](#bkmk-wtgroam) -- [Prepare for Windows To Go](#wtg-prep-intro) -- [Hardware considerations for Windows To Go](#wtg-hardware) - -**Note** -Windows To Go is not supported on Windows RT. - - - -## Differences between Windows To Go and a typical installation of Windows - - -Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are: - -- **Internal disks are offline.** To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. - -- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. - -- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings. - -- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows. - -- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled. - -- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows. - -## Roaming with Windows To Go - - -Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is subsequently booted on that host computer it will be able to identify the host computer and load the correct set of drivers automatically. - -The applications that you want to use from the Windows To Go workspace should be tested to make sure they also support roaming. Some applications bind to the computer hardware which will cause difficulties if the workspace is being used with multiple host computers. - -## Prepare for Windows To Go - - -Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool. - -These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available. - -**Important** -Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported. - - - -As you decide what to include in your Windows To Go image, be sure to consider the following questions: - -Are there any drivers that you need to inject into the image? - -How will data be stored and synchronized to appropriate locations from the USB device? - -Are there any applications that are incompatible with Windows To Go roaming that should not be included in the image? - -What should be the architecture of the image - 32bit/64bit? - -What remote connectivity solution should be supported in the image if Windows To Go is used outside the corporate network? - -For more information about designing and planning your Windows To Go deployment, see [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md). - -## Hardware considerations for Windows To Go - - -**For USB drives** - -The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following: - -- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly. - -- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later. - -- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details. - -As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives: - -**Warning** -Using a USB drive that has not been certified is not supported - - - -- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714)) - -- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717)) - -- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718)) - -- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719)) - -- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) - - We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace. - -- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) - - **Important** - You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720). - - - -- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) - - **Tip** - This device contains an embedded smart card. - - - -- Super Talent Express RC4 for Windows To Go - - -and- - - Super Talent Express RC8 for Windows To Go - - ([http://www.supertalent.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618721)) - -- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)) - - We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722) - -**For host computers** - -When assessing the use of a PC as a host for a Windows To Go workspace you should consider the following criteria: - -- Hardware that has been certified for use with Windows 7or later operating systems will work well with Windows To Go. - -- Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario. - -- Running a Windows To Go workspace on a Mac computer is not a supported scenario. - -The following table details the characteristics that the host computer must have to be used with Windows To Go: - -
| Item | -Requirement | -
|---|---|
Boot process |
-Capable of USB boot |
-
Firmware |
-USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB) |
-
Processor architecture |
-Must support the image on the Windows To Go drive |
-
External USB Hubs |
-Not supported; connect the Windows To Go drive directly to the host machine |
-
Processor |
-1 Ghz or faster |
-
RAM |
-2 GB or greater |
-
Graphics |
-DirectX 9 graphics device with WDDM 1.2 or greater driver |
-
USB port |
-USB 2.0 port or greater |
-
| Host PC Firmware Type | -Host PC Processor Architecture | -Compatible Windows To Go Image Architecture | -
|---|---|---|
Legacy BIOS |
-32-bit |
-32-bit only |
-
Legacy BIOS |
-64-bit |
-32-bit and 64-bit |
-
UEFI BIOS |
-32-bit |
-32-bit only |
-
UEFI BIOS |
-64-bit |
-64-bit only |
-
| Item | +Requirement | +
|---|---|
Boot process |
+Capable of USB boot |
+
Firmware |
+USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB) |
+
Processor architecture |
+Must support the image on the Windows To Go drive |
+
External USB Hubs |
+Not supported; connect the Windows To Go drive directly to the host machine |
+
Processor |
+1 Ghz or faster |
+
RAM |
+2 GB or greater |
+
Graphics |
+DirectX 9 graphics device with WDDM 1.2 or greater driver |
+
USB port |
+USB 2.0 port or greater |
+
| Host PC Firmware Type | +Host PC Processor Architecture | +Compatible Windows To Go Image Architecture | +
|---|---|---|
Legacy BIOS |
+32-bit |
+32-bit only |
+
Legacy BIOS |
+64-bit |
+32-bit and 64-bit |
+
UEFI BIOS |
+32-bit |
+32-bit only |
+
UEFI BIOS |
+64-bit |
+64-bit only |
+
-Simplified updates
+Simplified updates
Windows 10 end user readiness
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
index 0216aec2c1..0214e53ad8 100644
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@@ -166,6 +166,6 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 305917b360..01850db7f6 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -234,6 +234,6 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 34e22a7ab7..15c4156866 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -504,7 +504,7 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
See Windows 10 specifications for information.
See Windows 10 specifications for information.
-Download and run the media creation tool. See Download windows 10. +Download and run the media creation tool. See Download windows 10.
Attempt to upgrade using .ISO or USB.
Note: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the Volume Licensing Service Center.
Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index af24d3c075..3a7f854132 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -58,7 +58,7 @@ See the following topics in this article: [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index a34a0b7891..f468627408 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -334,54 +334,54 @@ Each rule name and its associated unique rule identifier are listed with a descr 06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. - - All date and time outputs are updated to localized format per user request. - - Added setup Operation and Phase information to /verbose log. - - Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). - - Performance improvement in searching setupact.logs to determine correct log to parse. - - Added SetupDiag version number to text report (xml and json always had it). - - Added "no match" reports for xml and json per user request. - - Formatted Json output for easy readability. - - Performance improvements when searching for setup logs; this should be much faster now. - - Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. - - Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** - - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. - - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. - - This registry key also gets deleted when a new update instance is invoked. - - For an example, see [Sample registry key](#sample-registry-key). +- All date and time outputs are updated to localized format per user request. +- Added setup Operation and Phase information to /verbose log. +- Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below). +- Performance improvement in searching setupact.logs to determine correct log to parse. +- Added SetupDiag version number to text report (xml and json always had it). +- Added "no match" reports for xml and json per user request. +- Formatted Json output for easy readability. +- Performance improvements when searching for setup logs; this should be much faster now. +- Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. +- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** + - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. + - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. + - This registry key also gets deleted when a new update instance is invoked. + - For an example, see [Sample registry key](#sample-registry-key). 05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). +- This release dds the ability to find and diagnose reset and recovery failures (Push Button Reset). 12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. - - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - - The FindDownlevelFailure rule is up to 10x faster. - - New rules have been added to analyze failures upgrading to Windows 10 version 1809. - - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. - - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. - - Some functional and output improvements were made for several rules. +- This release includes major improvements in rule processing performance: ~3x faster rule processing performance! + - The FindDownlevelFailure rule is up to 10x faster. +- New rules have been added to analyze failures upgrading to Windows 10 version 1809. +- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. +- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. +- Some functional and output improvements were made for several rules. 07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center. - - This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. +- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. 07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center. - - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. - - New feature: Ability to output logs in JSON and XML format. - - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. - - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. - - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. - - 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. +- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. +- New feature: Ability to output logs in JSON and XML format. + - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. + - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. +- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. +- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. 05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. - - Fixed a bug in device install failure detection in online mode. - - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. - - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. +- Fixed a bug in device install failure detection in online mode. +- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. +- Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. 05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. - - A performance enhancment has been added to result in faster rule processing. - - Rules output now includes links to support articles, if applicable. - - SetupDiag now provides the path and name of files that it is processing. - - You can now run SetupDiag by simply clicking on it and then examining the output log file. - - An output log file is now always created, whether or not a rule was matched. +- A performance enhancment has been added to result in faster rule processing. +- Rules output now includes links to support articles, if applicable. +- SetupDiag now provides the path and name of files that it is processing. +- You can now run SetupDiag by simply clicking on it and then examining the output log file. +- An output log file is now always created, whether or not a rule was matched. 03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index 6f6bde4fba..64716a73e7 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -29,7 +29,7 @@ This topic describes how to submit problems with a Windows 10 upgrade to Microso ## About the Feedback Hub -The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/en-us/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0). +The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0). The Feedback Hub requires Windows 10 or Windows 10 mobile. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous verion of Windows 10, the Feedback Hub will collect log files automatically. diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index b252ff670a..c9509188a3 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -92,6 +92,6 @@ WIM = Windows image (Microsoft) [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index f06c6fb87b..0dd0d042c6 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -154,6 +154,6 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4 [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index 3078890be7..582f5bb732 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md @@ -31,7 +31,7 @@ If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Window > [!NOTE] > Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance. -See [Windows 10 Specifications](https://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements. +See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) for additional information about computer system requirements. ### Windows 10 diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 72345c3d54..d683bd63b3 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -138,7 +138,7 @@ Downgrading from Enterprise - Upgrade edition: **Enterprise** - Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education** -You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/en-us/download/details.aspx?id=11091). +You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091). ### Supported Windows 10 downgrade paths diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index f0f918ef4a..77f1ae38b0 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -68,6 +68,6 @@ The event will also contain links to log files that can be used to perform a det [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 1ed8638bcc..7ba4d88b2d 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -29,13 +29,13 @@ Deployment instructions are provided for the following scenarios: - VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later. - VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined. - VMs must be generation 1. -- VMs must hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). +- VMs must hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) (QMTH). ## Activation ### Scenario 1 - The VM is running Windows 10, version 1803 or later. -- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). +- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) (QMTH). When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. @@ -45,7 +45,7 @@ Deployment instructions are provided for the following scenarios: [Inherited Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account. ### Scenario 3 -- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner. +- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) partner. In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server on your corporate network can be used if you have configured a private connection, such as [ExpressRoute](https://azure.microsoft.com/services/expressroute/) or [VPN Gateway](https://azure.microsoft.com/services/vpn-gateway/). diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 6b45127282..e241930c1e 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -43,9 +43,9 @@ When you purchase Windows 10 Enterprise E3 via a partner, you get the followin How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance? -- [Microsoft Volume Licensing](https://www.microsoft.com/en-us/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products. +- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products. -- [Software Assurance](https://www.microsoft.com/en-us/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits: +- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits: - **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits. diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 66d5049d31..e46fc7ed24 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -77,7 +77,7 @@ Features on demand is a method for adding features to your Windows 10 image that ## Related topics -[Microsoft Volume Licensing Service Center (VLSC) User Guide](https://www.microsoft.com/en-us/download/details.aspx?id=10585) +[Microsoft Volume Licensing Service Center (VLSC) User Guide](https://www.microsoft.com/download/details.aspx?id=10585)
[Volume Activation for Windows 10](https://docs.microsoft.com/windows/deployment/volume-activation/volume-activation-windows-10)
[Plan for volume activation](https://docs.microsoft.com/windows/deployment/volume-activation/plan-for-volume-activation-client)
[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index ddb22cbbbb..87eea0e845 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -75,7 +75,7 @@ MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 Stop-Process -Name Explorer ``` -2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/en-us/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443. +2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443. 3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components. @@ -638,7 +638,7 @@ Deployment logs are available on the client computer in the following locations: You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**. -Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=50012) +Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012) Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information. diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index d9a32a74be..929b097d58 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -72,7 +72,7 @@ Topics and procedures in this guide are summarized in the following table. An es >If the request to add features fails, retry the installation by typing the command again. -2. Download [SQL Server 2014 SP2](https://www.microsoft.com/en-us/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory. +2. Download [SQL Server 2014 SP2](https://www.microsoft.com/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory. 3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` @@ -126,7 +126,7 @@ Topics and procedures in this guide are summarized in the following table. An es Stop-Process -Name Explorer ``` -2. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1 (download the executable file anywhere on SRV1), double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The C:\configmgr directory will be automatically created. Click **OK** and then close the **WinZip Self-Extractor** dialog box when finished. +2. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1 (download the executable file anywhere on SRV1), double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The C:\configmgr directory will be automatically created. Click **OK** and then close the **WinZip Self-Extractor** dialog box when finished. 3. Before starting the installation, verify that WMI is working on SRV1. See the following examples. Verify that **Running** is displayed under **Status** and **True** is displayed next to **TcpTestSucceeded**: diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index b12b80110d..7a4fb81ed7 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -224,9 +224,9 @@ Starting with Windows 8, the host computer’s microprocessor must support secon ### Download VHD and ISO files -When you have completed installation of Hyper-V on the host computer, begin configuration of Hyper-V by downloading VHD and ISO files to the Hyper-V host. These files will be used to create the VMs used in the lab. Before you can download VHD and ISO files, you will need to register and sign in to the [TechNet Evaluation Center](https://www.microsoft.com/en-us/evalcenter/) using your Microsoft account. +When you have completed installation of Hyper-V on the host computer, begin configuration of Hyper-V by downloading VHD and ISO files to the Hyper-V host. These files will be used to create the VMs used in the lab. Before you can download VHD and ISO files, you will need to register and sign in to the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter/) using your Microsoft account. -1. Create a directory on your Hyper-V host named **C:\VHD** and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the **C:\VHD** directory. +1. Create a directory on your Hyper-V host named **C:\VHD** and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the **C:\VHD** directory. **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. @@ -238,7 +238,7 @@ When you have completed installation of Hyper-V on the host computer, begin conf 2. Download the file to the **C:\VHD** directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simple to recognize and type. 3. Copy the VHD to a second file also in the **C:\VHD** directory and name this VHD **2012R2-poc-2.vhd**. -4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host. +4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host. >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. **Note: The evaluation version of Windows 10 does not support in-place upgrade**. diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 198a7e9aa2..11ef79b654 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -105,8 +105,8 @@ If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade ben With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following: -- [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare) -- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-pricing) +- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare) +- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing) You can benefit by moving to Windows as an online service in the following ways: @@ -215,12 +215,12 @@ See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md). ## Virtual Desktop Access (VDA) -Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx). +Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx). Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md). ## Related topics [Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
-[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
-[Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx)
+[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
+[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index a8090d1812..6d2dc8e363 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -26,7 +26,7 @@ Before deploying a device using Windows Autopilot, the device must be registered ## OEM registration -When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/en-us/windowsforbusiness/windows-autopilot). +When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/windowsforbusiness/windows-autopilot). Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#oem-authorization). diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index f514184445..0e14ae0b89 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -55,7 +55,7 @@ See the following examples. ### Create the JSON file >[!TIP] ->To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/en-us/download/details.aspx?id=54616). +>To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616). 1. On an Internet connected Windows PC or Server open an elevated Windows PowerShell command window 2. Enter the following lines to install the necessary modules diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md index 75e7e3a334..b5cc63019b 100644 --- a/windows/deployment/windows-autopilot/white-glove.md +++ b/windows/deployment/windows-autopilot/white-glove.md @@ -71,7 +71,7 @@ Windows Autopilot for white glove deployment supports two distinct scenarios: - User-driven deployments with Hybrid Azure AD Join. The device will be joined to an on-premises Active Directory domain, and separately registered with Azure AD. Each of these scenarios consists of two parts, a technician flow and a user flow. At a high level, these parts are the same for Azure AD Join and Hybrid Azure AD join; differences are primarily seen by the end user in the authentication steps. -### Technican flow +### Technician flow After the customer or IT Admin has targeted all the apps and settings they want for their devices through Intune, the white glove technician can begin the white glove process. The technician could be a member of the IT staff, a services partner, or an OEM – each organization can decide who should perform these activities. Regardless of the scenario, the process to be performed by the technician is the same: - Boot the device (running Windows 10 Pro, Enterprise, or Education SKUs, version 1903 or later). diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 4fcd4811c2..9aa928f3f9 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -84,16 +84,16 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: -- [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) -- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) -- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) -- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). -- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. +- [Microsoft 365 Business subscriptions](https://www.microsoft.com/microsoft-365/business) +- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/microsoft-365/enterprise/firstline) +- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx) +- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). +- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. - [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. -- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service). +- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/cloud-platform/microsoft-intune) (or an alternative MDM service). Additionally, the following are also recommended (but not required): -- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). +- [Office 365 ProPlus](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). - [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise. ## Configuration requirements diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index 6f5daf90d1..7ebad52ee8 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -42,7 +42,7 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn  ### Download the Diagnostic Data Viewer -Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. +Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. >[!Important] >It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md index 524f34b78a..f142ad0677 100644 --- a/windows/privacy/gdpr-it-guidance.md +++ b/windows/privacy/gdpr-it-guidance.md @@ -74,7 +74,7 @@ For example, when an organization is using Microsoft Windows Defender Advanced T #### Processor scenario -In the controller scenario described above, Microsoft is a *processor* because Microsoft provides data processing services to that controller (in the given example, an organization that subscribed to Windows Defender ATP and enabled it for the user’s device). As processor, Microsoft only processes data on behalf of the enterprise customer and does not have the right to process data beyond their instructions as specified in a written contract, such as the [Microsoft Product Terms and the Microsoft Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx). +In the controller scenario described above, Microsoft is a *processor* because Microsoft provides data processing services to that controller (in the given example, an organization that subscribed to Windows Defender ATP and enabled it for the user’s device). As processor, Microsoft only processes data on behalf of the enterprise customer and does not have the right to process data beyond their instructions as specified in a written contract, such as the [Microsoft Product Terms and the Microsoft Online Services Terms (OST)](https://www.microsoft.com/licensing/product-licensing/products.aspx). ## GDPR relationship between a Windows 10 user and Microsoft @@ -120,11 +120,11 @@ Diagnostic data is categorized into the levels "Security", "Basic", "Enhanced", Most Windows 10 services are controller services in terms of the GDPR – for both Windows functional data and Windows diagnostic data. But there are a few Windows services where Microsoft is a processor for functional data under the GDPR, such as [Windows Analytics](https://www.microsoft.com/windowsforbusiness/windows-analytics) and [Windows Defender Advanced Threat Protection (ATP)](https://www.microsoft.com/windowsforbusiness/windows-atp). >[!NOTE] ->Both Windows Analytics and Windows Defender ATP are subscription services for organizations. Some functionality requires a certain license (please see [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare)). +>Both Windows Analytics and Windows Defender ATP are subscription services for organizations. Some functionality requires a certain license (please see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)). #### Windows Analytics -[Windows Analytics](https://www.microsoft.com/en-us/windowsforbusiness/windows-analytics) is a service that provides rich, actionable information for helping organizations to gain deep insights into the operational efficiency and health of the Windows devices in their environment. It uses Windows diagnostic data from devices enrolled by the IT organization of an enterprise into the Windows Analytics service. +[Windows Analytics](https://www.microsoft.com/windowsforbusiness/windows-analytics) is a service that provides rich, actionable information for helping organizations to gain deep insights into the operational efficiency and health of the Windows devices in their environment. It uses Windows diagnostic data from devices enrolled by the IT organization of an enterprise into the Windows Analytics service. Windows [transmits Windows diagnostic data](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) to Microsoft datacenters, where that data is analyzed and stored. With Windows Analytics, the IT organization can then view the analyzed data to detect and fix issues or to improve their processes for upgrading to Windows 10. @@ -137,7 +137,7 @@ As a result, in terms of the GDPR, the organization that has subscribed to Windo #### Windows Defender ATP -[Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) is cloud-based service that collects and analyzes usage data from an organization’s devices to detect security threats. Some of the data can contain personal data as defined by the GDPR. Enrolled devices transmit usage data to Microsoft datacenters, where that data is analyzed, processed, and stored. The security operations center (SOC) of the organization can view the analyzed data using the [Windows Defender ATP portal](https://securitycenter.windows.com/). +[Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp) is cloud-based service that collects and analyzes usage data from an organization’s devices to detect security threats. Some of the data can contain personal data as defined by the GDPR. Enrolled devices transmit usage data to Microsoft datacenters, where that data is analyzed, processed, and stored. The security operations center (SOC) of the organization can view the analyzed data using the [Windows Defender ATP portal](https://securitycenter.windows.com/). As a result, in terms of the GDPR, the organization that has subscribed to Windows Defender ATP is acting as the controller, while Microsoft is the processor for Windows Defender ATP. @@ -285,7 +285,7 @@ To make it easier to deploy settings that restrict connections from Windows 10 a ### Microsoft Trust Center and Service Trust Portal -Please visit our [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr) to obtain additional resources and to learn more about how Microsoft can help you fulfill specific GDPR requirements. There you can find lots of useful information about the GDPR, including how Microsoft is helping customers to successfully master the GDPR, a FAQ list, and a list of [resources for GDPR compliance](https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/resources). Also, please check out the [Compliance Manager](https://aka.ms/compliancemanager) of the Microsoft [Service Trust Portal (STP)](https://aka.ms/stp) and [Get Started: Support for GDPR Accountability](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted). +Please visit our [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/trustcenter/privacy/gdpr) to obtain additional resources and to learn more about how Microsoft can help you fulfill specific GDPR requirements. There you can find lots of useful information about the GDPR, including how Microsoft is helping customers to successfully master the GDPR, a FAQ list, and a list of [resources for GDPR compliance](https://www.microsoft.com/TrustCenter/Privacy/gdpr/resources). Also, please check out the [Compliance Manager](https://aka.ms/compliancemanager) of the Microsoft [Service Trust Portal (STP)](https://aka.ms/stp) and [Get Started: Support for GDPR Accountability](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted). ### Additional resources diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index 3ad1a4a14e..259561932e 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -30,7 +30,7 @@ Microsoft and our customers are now on a journey to achieve the privacy goals of We have outlined our commitment to the GDPR and how we are supporting our customers within the [Get GDPR compliant with the Microsoft Cloud](https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/#hv52B68OZTwhUj2c.99) blog post by our Chief Privacy Officer [Brendon Lynch](https://blogs.microsoft.com/on-the-issues/author/brendonlynch/) and the [Earning your trust with contractual commitments to the General Data Protection Regulation](https://blogs.microsoft.com/on-the-issues/2017/04/17/earning-trust-contractual-commitments-general-data-protection-regulation/#6QbqoGWXCLavGM63.99)” blog post by [Rich Sauer](https://blogs.microsoft.com/on-the-issues/author/rsauer/) - Microsoft Corporate Vice President & Deputy General Counsel. -Although your journey to GDPR-compliance may seem challenging, we're here to help you. For specific information about the GDPR, our commitments and how to begin your journey, please visit the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr). +Although your journey to GDPR-compliance may seem challenging, we're here to help you. For specific information about the GDPR, our commitments and how to begin your journey, please visit the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/trustcenter/privacy/gdpr). ## GDPR and its implications The GDPR is a complex regulation that may require significant changes in how you gather, use and manage personal data. Microsoft has a long history of helping our customers comply with complex regulations, and when it comes to preparing for the GDPR, we are your partner on this journey. @@ -82,7 +82,7 @@ Given how much is involved to become GDPR-compliant, we strongly recommend that  -For each of the steps, we've outlined example tools, resources, and features in various Microsoft solutions, which can be used to help you address the requirements of that step. While this article isn't a comprehensive “how to,” we've included links for you to find out more details, and more information is available in the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr). +For each of the steps, we've outlined example tools, resources, and features in various Microsoft solutions, which can be used to help you address the requirements of that step. While this article isn't a comprehensive “how to,” we've included links for you to find out more details, and more information is available in the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/trustcenter/privacy/gdpr). ## Windows 10 security and privacy As you work to comply with the GDPR, understanding the role of your desktop and laptop client machines in creating, accessing, processing, storing and managing data that may qualify as personal and potentially sensitive data under the GDPR is important. Windows 10 provides capabilities that will help you comply with the GDPR requirements to implement appropriate technical and organizational security measures to protect personal data. @@ -252,7 +252,7 @@ There are numerous ways one can use the Windows Hello Companion Device Framework - Wear a fitness band that has already authenticated the wearer. Upon approaching PC, and by performing a special gesture (like clapping), the PC unlocks. #### Protection against attacks by isolating user credentials -As noted in the [Windows 10 Credential Theft Mitigation Guide](https://www.microsoft.com/en-us/download/confirmation.aspx?id=54095), “_the tools and techniques criminals use to carry out credential theft and reuse attacks improve, malicious attackers are finding it easier to achieve their goals. Credential theft often relies on operational practices or user credential exposure, so effective mitigations require a holistic approach that addresses people, processes, and technology. In addition, these attacks rely on the attacker stealing credentials after compromising a system to expand or persist access, so organizations must contain breaches rapidly by implementing strategies that prevent attackers from moving freely and undetected in a compromised network._” +As noted in the [Windows 10 Credential Theft Mitigation Guide](https://www.microsoft.com/download/confirmation.aspx?id=54095), “_the tools and techniques criminals use to carry out credential theft and reuse attacks improve, malicious attackers are finding it easier to achieve their goals. Credential theft often relies on operational practices or user credential exposure, so effective mitigations require a holistic approach that addresses people, processes, and technology. In addition, these attacks rely on the attacker stealing credentials after compromising a system to expand or persist access, so organizations must contain breaches rapidly by implementing strategies that prevent attackers from moving freely and undetected in a compromised network._” An important design consideration for Windows 10 was mitigating credential theft — in particular, derived credentials. Windows Defender Credential Guard provides significantly improved security against derived credential theft and reuse by implementing a significant architectural change in Windows designed to help eliminate hardware-based isolation attacks rather than simply trying to defend against them. diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index b3059b9fe8..f6b4c85fb6 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: "
| Summary | Originating update | Status | Date resolved |
| Notification issue: \"Your device is missing important security and quality fixes.\" Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\" See details > | N/A | Resolved | September 03, 2019 12:32 PM PT |
| Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\" See details > | OS Build 17134.829 June 11, 2019 KB4503286 | Resolved KB4512509 | August 19, 2019 02:00 PM PT |
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error. See details > | OS Build 17134.950 August 13, 2019 KB4512501 | Resolved KB4512509 | August 19, 2019 02:00 PM PT |
| Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating. See details > | OS Build 17134.915 July 16, 2019 KB4507466 | Resolved KB4512501 | August 13, 2019 10:00 AM PT |
| Details | Originating update | Status | History |
| Notification issue: \"Your device is missing important security and quality fixes.\" Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes\" in the Windows Update dialog and a red \"!\" in the task tray on the Windows Update tray icon. This notification is intended for devices that are 90 days or more out of date, but some users with installed updates released in June or July also saw this notification. Affected platforms:
Resolution: This issue was resolved on the server side on August 30, 2019. Only devices that are out of date by 90 days or more should now see the notification. No action is required by the user to resolve this issue. If you are still seeing the \"Your device is missing important security and quality fixes\" notification, we recommend selecting Check for Updates in the Windows Update dialog. For instructions, see Update Windows 10. Microsoft always recommends trying to keep your devices up to date, as the monthly updates contain important security fixes. Back to top | N/A | Resolved | Resolved: September 03, 2019 12:32 PM PT Opened: September 03, 2019 12:32 PM PT |
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.
See details >
April 02, 2019
KB4490481
KB4493509
10:00 AM PT
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
See details >
January 08, 2019
KB4480116
KB4493509
10:00 AM PT
Users may receive \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files.
See details >
February 12, 2019
KB4487044
KB4489899
10:00 AM PT
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.
See details >
February 12, 2019
KB4487044
KB4482887
10:00 AM PT
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.
See details >
February 12, 2019
KB4487044
KB4482887
10:00 AM PT
Applications that use a Microsoft Jet database with the Microsoft Access 9 file format may randomly stop working.
See details >
February 12, 2019
KB4487044
KB4482887
10:00 AM PT
Upgrade block: Apple has identified an incompatibility with iCloud for Windows (version 7.7.0.27) where users may experience issues updating or synching Shared Albums.
See details >
November 13, 2018
KB4467708
KB4482887
10:00 AM PT
Upgrade block: Users may see an Intel Audio Display (intcdaud.sys) notification during setup for devices with certain Intel Display Audio Drivers.
See details >
November 13, 2018
KB4467708
KB4482887
10:00 AM PT
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.
See details >
November 13, 2018
KB4467708
KB4482887
10:00 AM PT
Windows Update customers were recently affected by a network infrastructure event caused by an external DNS service provider's global outage.
See details >
11:15 AM PT
Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.
See details >
March 01, 2019
KB4482887
KB4490481
10:00 AM PT
| Details | Originating update | Status | History |
| Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. Affected platforms:
Resolution: This issue is resolved in KB4493509. Back to top | OS Build 17763.316 February 12, 2019 KB4487044 | Resolved KB4493509 | Resolved: April 09, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
| Error 1309 when installing/uninstalling MSI or MSP files After installing KB4487044, users may receive \"Error 1309\" while installing or uninstalling certain types of MSI and MSP files. Affected platforms:
Resolution: This issue is resolved in KB4489899. Back to top | OS Build 17763.316 February 12, 2019 KB4487044 | Resolved KB4489899 | Resolved: March 12, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
| Internet Explorer may fail to load images After installing KB4487044, Internet Explorer may fail to load images with a backslash (\\) in their relative source path. Affected platforms:
Resolution: This issue is resolved in KB4482887. Back to top | OS Build 17763.316 February 12, 2019 KB4487044 | Resolved KB4482887 | Resolved: March 01, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
| First character of the Japanese era name not recognized After installing KB4487044, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues. Affected platforms:
Resolution: This issue is resolved in KB4482887. Back to top | OS Build 17763.316 February 12, 2019 KB4487044 | Resolved KB4482887 | Resolved: March 01, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
| Applications using Microsoft Jet database and Access 95 file format stop working Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working. Affected platforms:
Resolution: This issue is resolved in KB4482887. Back to top | OS Build 17763.316 February 12, 2019 KB4487044 | Resolved KB4482887 | Resolved: March 01, 2019 10:00 AM PT Opened: February 12, 2019 10:00 AM PT |
| Details | Originating update | Status | History |
| Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers. Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented. Affected platforms:
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article. Resolution: Microsoft has removed the safeguard hold. Back to top | OS Build 17763.134 November 13, 2018 KB4467708 | Resolved | Resolved: May 21, 2019 07:42 AM PT Opened: November 13, 2018 10:00 AM PT |
| Shared albums may not sync with iCloud for Windows Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail. Affected platforms:
To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Windows 10, version 1809 until this issue has been resolved. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283. Back to top | OS Build 17763.134 November 13, 2018 KB4467708 | Resolved KB4482887 | Resolved: March 01, 2019 10:00 AM PT Opened: November 13, 2018 10:00 AM PT |
| Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. Affected platforms:
If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance. Resolution: This issue was resolved in KB4482887 and the upgrade block removed. Back to top | OS Build 17763.134 November 13, 2018 KB4467708 | Resolved KB4482887 | Resolved: March 01, 2019 10:00 AM PT Opened: November 13, 2018 10:00 AM PT |
| F5 VPN clients losing network connectivity Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration. Affected platforms:
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. Back to top | OS Build 17763.134 November 13, 2018 KB4467708 | Resolved KB4482887 | Resolved: March 01, 2019 10:00 AM PT Opened: November 13, 2018 10:00 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.