deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

items through 194 reviewed

Browse Source
This commit is contained in:
martyav 2020-01-02 12:19:07 -05:00
parent 12027330d7
commit 5ed4a24514
25 changed files with 526 additions and 521 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

139
windows/deployment/planning/sua-users-guide.md
View File

@ -1,69 +1,70 @@
---
title: SUA User's Guide (Windows 10)
description: You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: plan
ms.pagetype: appcompat
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# SUA User's Guide
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
You can use SUA in either of the following ways:
- **Standard User Analyzer Wizard.** A wizard that guides you through a step-by-step process to locate and fix issues, without options for additional analysis.
- **Standard User Analyzer Tool.** A full-function tool in which you can perform in-depth analysis and fix issues.
## In this section
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Topic</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p><a href="using-the-sua-wizard.md" data-raw-source="[Using the SUA Wizard](using-the-sua-wizard.md)">Using the SUA Wizard</a></p></td>
<td align="left"><p>The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="using-the-sua-tool.md" data-raw-source="[Using the SUA Tool](using-the-sua-tool.md)">Using the SUA Tool</a></p></td>
<td align="left"><p>By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.</p></td>
</tr>
</tbody>
</table>
---
title: SUA User's Guide (Windows 10)
description: Standard User Analyzer (SUA) can test your apps and monitor API calls to detect compatibility issues related to Windows' User Account Control (UAC) feature.
ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: plan
ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# SUA User's Guide
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.
You can use SUA in either of the following ways:
- **Standard User Analyzer Wizard.** A wizard that guides you through a step-by-step process to locate and fix issues, without options for additional analysis.
- **Standard User Analyzer Tool.** A full-function tool in which you can perform in-depth analysis and fix issues.
## In this section
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Topic</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p><a href="using-the-sua-wizard.md" data-raw-source="[Using the SUA Wizard](using-the-sua-wizard.md)">Using the SUA Wizard</a></p></td>
<td align="left"><p>The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.</p></td>
</tr>
<tr class="even">
<td align="left"><p><a href="using-the-sua-tool.md" data-raw-source="[Using the SUA Tool](using-the-sua-tool.md)">Using the SUA Tool</a></p></td>
<td align="left"><p>By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.</p></td>
</tr>
</tbody>
</table>

227
windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
View File

@ -1,113 +1,114 @@
---
title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
description: You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied.
ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: plan
ms.pagetype: appcompat
ms.sitesec: library
audience: itpro author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Using the Sdbinst.exe Command-Line Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2016
- Windows Server 2012
- Windows Server 2008 R2
You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
## Command-Line Options for Deploying Customized Database Files
Sample output from the command `Sdbinst.exe /?` in an elevated CMD window:
```
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Windows\system32>Sdbinst.exe /?
Usage: Sdbinst.exe [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name"
-? - print this help text.
-p - Allow SDBs containing patches.
-q - Quiet mode: prompts are auto-accepted.
-u - Uninstall.
-g {guid} - GUID of file (uninstall only).
-n "name" - Internal name of file (uninstall only).
C:\Windows\system32>_
```
The command-line options use the following conventions:
Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\]
The following table describes the available command-line options.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Option</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>-?</p></td>
<td align="left"><p>Displays the Help for the Sdbinst.exe tool.</p>
<p>For example,</p>
<p><code>sdbinst.exe -?</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>-p</p></td>
<td align="left"><p>Allows SDBs installation with Patches</p>
<p>For example,</p>
<p><code>sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb</code></p></td>
</tr>
<tr class="odd">
<td align="left"><p>-q</p></td>
<td align="left"><p>Performs a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).</p>
<p>For example,</p>
<p><code>sdbinst.exe -q</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>-u <em>filepath</em></p></td>
<td align="left"><p>Performs an uninstallation of the specified database.</p>
<p>For example,</p>
<p><code>sdbinst.exe -u C:\example.sdb</code></p></td>
</tr>
<tr class="odd">
<td align="left"><p>-g <em>GUID</em></p></td>
<td align="left"><p>Specifies the customized database to uninstall by a globally unique identifier (GUID).</p>
<p>For example,</p>
<p><code>sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>-n <em>&quot;name&quot;</em></p></td>
<td align="left"><p>Specifies the customized database to uninstall by file name.</p>
<p>For example,</p>
<p><code>sdbinst.exe -n &quot;My_Database&quot;</code></p></td>
</tr>
</tbody>
</table>
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
---
title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command line options.
ms.assetid: c1945425-3f8d-4de8-9d2d-59f801f07034
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: plan
ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Using the Sdbinst.exe Command-Line Tool
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2016
- Windows Server 2012
- Windows Server 2008 R2
You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
## Command-Line Options for Deploying Customized Database Files
Sample output from the command `Sdbinst.exe /?` in an elevated CMD window:
```
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Windows\system32>Sdbinst.exe /?
Usage: Sdbinst.exe [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name"
-? - print this help text.
-p - Allow SDBs containing patches.
-q - Quiet mode: prompts are auto-accepted.
-u - Uninstall.
-g {guid} - GUID of file (uninstall only).
-n "name" - Internal name of file (uninstall only).
C:\Windows\system32>_
```
The command-line options use the following conventions:
Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\]
The following table describes the available command-line options.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Option</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>-?</p></td>
<td align="left"><p>Displays the Help for the Sdbinst.exe tool.</p>
<p>For example,</p>
<p><code>sdbinst.exe -?</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>-p</p></td>
<td align="left"><p>Allows SDBs installation with Patches</p>
<p>For example,</p>
<p><code>sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb</code></p></td>
</tr>
<tr class="odd">
<td align="left"><p>-q</p></td>
<td align="left"><p>Performs a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).</p>
<p>For example,</p>
<p><code>sdbinst.exe -q</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>-u <em>filepath</em></p></td>
<td align="left"><p>Performs an uninstallation of the specified database.</p>
<p>For example,</p>
<p><code>sdbinst.exe -u C:\example.sdb</code></p></td>
</tr>
<tr class="odd">
<td align="left"><p>-g <em>GUID</em></p></td>
<td align="left"><p>Specifies the customized database to uninstall by a globally unique identifier (GUID).</p>
<p>For example,</p>
<p><code>sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>-n <em>&quot;name&quot;</em></p></td>
<td align="left"><p>Specifies the customized database to uninstall by file name.</p>
<p>For example,</p>
<p><code>sdbinst.exe -n &quot;My_Database&quot;</code></p></td>
</tr>
</tbody>
</table>
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

87
windows/deployment/volume-activation/volume-activation-management-tool.md
View File

@ -1,43 +1,44 @@
---
title: Volume Activation Management Tool (VAMT) Technical Reference (Windows 10)
description: The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
ms.assetid: 1df0f795-f41c-473b-850c-e98af1ad2f2a
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Volume Activation Management Tool (VAMT) Technical Reference
The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems:
- Windows® 7 or above
- Windows Server 2008 R2 or above
**Important**  
VAMT is designed to manage volume activation for: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 (or obove), Microsoft Office 2010 (or above).
VAMT is only available in an EN-US (x86) package.
## In this Section
|Topic |Description |
|------|------------|
|[Introduction to VAMT](introduction-vamt.md) |Provides a description of VAMT and common usages. |
|[Active Directory-Based Activation Overview](active-directory-based-activation-overview.md) |Describes Active Directory-Based Activation scenarios. |
|[Install and Configure VAMT](install-configure-vamt.md) |Describes how to install VAMT and use it to configure client computers on your network. |
|[Add and Manage Products](add-manage-products-vamt.md) |Describes how to add client computers into VAMT. |
|[Manage Product Keys](manage-product-keys-vamt.md) |Describes how to add and remove a product key from VAMT. |
|[Manage Activations](manage-activations-vamt.md) |Describes how to activate a client computer by using a variety of activation methods. |
|[Manage VAMT Data](manage-vamt-data.md) |Describes how to save, import, export, and merge a Computer Information List (CILX) file using VAMT. |
|[VAMT Step-by-Step Scenarios](vamt-step-by-step.md) |Provides step-by-step instructions for using VAMT in typical environments. |
|[VAMT Known Issues](vamt-known-issues.md) |Lists known issues in VAMT. |
---
title: Volume Activation Management Tool (VAMT) Technical Reference (Windows 10)
description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation.
ms.assetid: 1df0f795-f41c-473b-850c-e98af1ad2f2a
ms.reviewer:
manager: laurawi
ms.author: greglin
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro
author: greg-lindsay
ms.date: 04/25/2017
ms.topic: article
---
# Volume Activation Management Tool (VAMT) Technical Reference
The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems:
- Windows® 7 or above
- Windows Server 2008 R2 or above
**Important**  
VAMT is designed to manage volume activation for: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 (or obove), Microsoft Office 2010 (or above).
VAMT is only available in an EN-US (x86) package.
## In this Section
|Topic |Description |
|------|------------|
|[Introduction to VAMT](introduction-vamt.md) |Provides a description of VAMT and common usages. |
|[Active Directory-Based Activation Overview](active-directory-based-activation-overview.md) |Describes Active Directory-Based Activation scenarios. |
|[Install and Configure VAMT](install-configure-vamt.md) |Describes how to install VAMT and use it to configure client computers on your network. |
|[Add and Manage Products](add-manage-products-vamt.md) |Describes how to add client computers into VAMT. |
|[Manage Product Keys](manage-product-keys-vamt.md) |Describes how to add and remove a product key from VAMT. |
|[Manage Activations](manage-activations-vamt.md) |Describes how to activate a client computer by using a variety of activation methods. |
|[Manage VAMT Data](manage-vamt-data.md) |Describes how to save, import, export, and merge a Computer Information List (CILX) file using VAMT. |
|[VAMT Step-by-Step Scenarios](vamt-step-by-step.md) |Provides step-by-step instructions for using VAMT in typical environments. |
|[VAMT Known Issues](vamt-known-issues.md) |Lists known issues in VAMT. |

552
windows/deployment/windows-10-deployment-scenarios.md
View File

@ -1,275 +1,277 @@
---
title: Windows 10 deployment scenarios (Windows 10)
description: To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider.
ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5
ms.reviewer:
manager: laurawi
ms.audience: itpro author: greg-lindsay
keywords: upgrade, in-place, configuration, deploy
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.date: 11/06/2018
audience: itpro author: greg-lindsay
ms.topic: article
---
# Windows 10 deployment scenarios
**Applies to**
- Windows 10
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
- Traditional deployment methods use existing tools to deploy operating system images.<br>&nbsp;
<table border="0">
<tr><td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Category</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Scenario</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Description</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>More information</b></td></tr>
<tr><td align='center' valign='middle' style='width:16%; border:1;' rowspan="2">Modern</td>
<td align="center">
[Windows Autopilot](#windows-autopilot)</td>
<td align="center" style="width:16%; border:1;">
Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot">Overview of Windows Autopilot</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[In-place upgrade](#in-place-upgrade)
</td>
<td align="center" style="width:16%; border:1;">
Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit">Perform an in-place upgrade to Windows 10 with MDT</a><br><a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager">Perform an in-place upgrade to Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;" rowspan="3">
Dynamic
</td>
<td align="center" style="width:16%; border:1;">
[Subscription Activation](#windows-10-subscription-activation)
</td>
<td align="center" style="width:16%; border:1;">
Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation">Windows 10 Subscription Activation</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[AAD / MDM](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
The device is automatically joined to AAD and configured by MDM.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm">Azure Active Directory integration with MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[Provisioning packages](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/configuration/configure-devices-without-mdm">Configure devices without MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;" rowspan="3">
Traditional
</td>
<td align="center" style="width:16%; border:1;">
[Bare metal](#new-computer)
</td>
<td align="center" style="width:16%; border:1;">
Deploy a new device, or wipe an existing device and deploy with a fresh image.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/sccm/osd/deploy-use/install-new-windows-version-new-computer-bare-metal">Install a new version of Windows on a new computer with System Center Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[Refresh](#computer-refresh)
</td>
<td align="center" style="width:16%; border:1;">
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[Replace](#computer-replace)
</td>
<td align="center" style="width:16%; border:1;">
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
</table>
<br>&nbsp;
>[!IMPORTANT]
>The Windows Autopilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.<br>
>Except for clean install scenarios such as traditional bare metal and Windows Autopilot, all the methods described can optionally migrate apps and settings to the new OS.
## Modern deployment methods
Modern deployment methods embrace both traditional on-prem and cloud services to deliver a simple, streamlined, cost effective deployment experience.
### Windows Autopilot
Windows Autopilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows Autopilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device after just a few clicks. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator.
For more information about Windows Autopilot, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) and [Modernizing Windows deployment with Windows Autopilot](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/).
### In-place upgrade
For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like System Center Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
The in-place upgrade process is designed to be extremely reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by leveraging the automatically-created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications do not need to be reinstalled as part of the process.
Because existing applications are preserved through the process, the upgrade process uses the standard Windows installation media image (Install.wim); custom images are not needed and cannot be used because the upgrade process is unable to deal with conflicts between apps in the old and new operating system. (For example, Contoso Timecard 1.0 in Windows 7 and Contoso Timecard 3.0 in the Windows 10 image.)
Scenarios that support in-place upgrade with some additional procedures include changing from BIOS to UEFI boot mode and upgrade of devices that use non-Microsoft disk encryption software.
- **Legacy BIOS to UEFI booting**: To perform an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS, first perform the in-place upgrade to Windows 10, maintaining the legacy BIOS boot mode. Windows 10 does not require UEFI, so it will work fine to upgrade a system using legacy BIOS emulation. After the upgrade, if you wish to enable Windows 10 features that require UEFI (such as Secure Boot), you can convert the system disk to a format that supports UEFI boot using the [MBR2GPT](https://docs.microsoft.com/windows/deployment/mbr-to-gpt) tool. Note: [UEFI specification](http://www.uefi.org/specifications) requires GPT disk layout. After the disk has been converted, you must also configure the firmware to boot in UEFI mode.
- **Non-Microsoft disk encryption software**: While devices encrypted with BitLocker can easily be upgraded, more work is necessary for non-Microsoft disk encryption tools. Some ISVs will provide instructions on how to integrate their software into the in-place upgrade process. Check with your ISV to see if they have instructions. The following articles provide details on how to provision encryption drivers for use during Windows Setup via the ReflectDrivers setting:
- [Windows Setup Automation Overview](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-automation-overview)
- [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options)
There are some situations where you cannot use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include:
- Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process cannot change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers.
- Windows To Go and Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed.
- Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS.
- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken.
## Dynamic provisioning
For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image, because this was often faster and easier than leveraging the preinstalled version. But this is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it is now possible to avoid this.
The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include:
### Windows 10 Subscription Activation<A ID="windows-10-subscription-activation"></A>
Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation).
### Azure Active Directory (AAD) join with automatic mobile device management (MDM) enrollment
In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Azure Active Directory integration with MDM](https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
### Provisioning package configuration
Using the [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm).
These scenarios can be used to enable “choose your own device” (CYOD) programs where the organizations users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
While the initial Windows 10 release includes a variety of provisioning settings and deployment mechanisms, these will continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for additional features through the Windows Feedback app or through their Microsoft Support contacts.
## Traditional deployment:
New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md), and [System Center Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important and will continue to be available to organizations that need them.
The traditional deployment scenario can be divided into different sub-scenarios. These are explained in detail in the following sections, but the following provides a brief summary:
- **New computer.** A bare-metal deployment of a new machine.
- **Computer refresh.** A reinstall of the same machine (with user-state migration and an optional full Windows Imaging (WIM) image backup).
- **Computer replace.** A replacement of the old machine with a new machine (with user-state migration and an optional full WIM image backup).
### New computer
Also called a "bare metal" deployment. This scenario occurs when you have a blank machine you need to deploy, or an existing machine you want to wipe and redeploy without needing to preserve any existing data. The setup starts from a boot media, using CD, USB, ISO, or Pre-Boot Execution Environment (PXE). You can also generate a full offline media that includes all the files needed for a client deployment, allowing you to deploy without having to connect to a central deployment share. The target can be a physical computer, a virtual machine, or a Virtual Hard Disk (VHD) running on a physical computer (boot from VHD).
The deployment process for the new machine scenario is as follows:
1. Start the setup from boot media (CD, USB, ISO, or PXE).
2. Wipe the hard disk clean and create new volume(s).
3. Install the operating system image.
4. Install other applications (as part of the task sequence).
After taking these steps, the computer is ready for use.
### Computer refresh
A refresh is sometimes called wipe-and-load. The process is normally initiated in the running operating system. User data and settings are backed up and restored later as part of the deployment process. The target can be the same as for the new computer scenario.
The deployment process for the wipe-and-load scenario is as follows:
1. Start the setup on a running operating system.
2. Save the user state locally.
3. Wipe the hard disk clean (except for the folder containing the backup).
4. Install the operating system image.
5. Install other applications.
6. Restore the user state.
After taking these steps, the machine is ready for use.
### Computer replace
A computer replace is similar to the refresh scenario. However, since we are replacing the machine, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored.
The deployment process for the replace scenario is as follows:
1. Save the user state (data and settings) on the server through a backup job on the running operating system.
2. Deploy the new computer as a bare-metal deployment.
**Note**<br>In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk.
## Related topics
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Upgrade to Windows 10 with System Center Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Windows setup technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619357)
- [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=619358)
- [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619359)
---
title: Windows 10 deployment scenarios (Windows 10)
description: Understand the different ways Windows 10 operating system can be deployed in your organization. Explore several Windows 10 deployment scenarios.
ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5
ms.reviewer:
manager: laurawi
ms.audience: itpro
author: greg-lindsay
keywords: upgrade, in-place, configuration, deploy
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.date: 11/06/2018
audience: itpro
author: greg-lindsay
ms.topic: article
---
# Windows 10 deployment scenarios
**Applies to**
- Windows 10
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
- Traditional deployment methods use existing tools to deploy operating system images.<br>&nbsp;
<table border="0">
<tr><td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Category</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Scenario</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Description</b></td>
<td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>More information</b></td></tr>
<tr><td align='center' valign='middle' style='width:16%; border:1;' rowspan="2">Modern</td>
<td align="center">
[Windows Autopilot](#windows-autopilot)</td>
<td align="center" style="width:16%; border:1;">
Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot">Overview of Windows Autopilot</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[In-place upgrade](#in-place-upgrade)
</td>
<td align="center" style="width:16%; border:1;">
Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit">Perform an in-place upgrade to Windows 10 with MDT</a><br><a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager">Perform an in-place upgrade to Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;" rowspan="3">
Dynamic
</td>
<td align="center" style="width:16%; border:1;">
[Subscription Activation](#windows-10-subscription-activation)
</td>
<td align="center" style="width:16%; border:1;">
Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation">Windows 10 Subscription Activation</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[AAD / MDM](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
The device is automatically joined to AAD and configured by MDM.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm">Azure Active Directory integration with MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[Provisioning packages](#dynamic-provisioning)
</td>
<td align="center" style="width:16%; border:1;">
Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/configuration/configure-devices-without-mdm">Configure devices without MDM</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;" rowspan="3">
Traditional
</td>
<td align="center" style="width:16%; border:1;">
[Bare metal](#new-computer)
</td>
<td align="center" style="width:16%; border:1;">
Deploy a new device, or wipe an existing device and deploy with a fresh image.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/sccm/osd/deploy-use/install-new-windows-version-new-computer-bare-metal">Install a new version of Windows on a new computer with System Center Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[Refresh](#computer-refresh)
</td>
<td align="center" style="width:16%; border:1;">
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
<tr>
<td align="center" style="width:16%; border:1;">
[Replace](#computer-replace)
</td>
<td align="center" style="width:16%; border:1;">
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
</td>
<td align="center" style="width:16%; border:1;">
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
</td>
</tr>
</table>
<br>&nbsp;
>[!IMPORTANT]
>The Windows Autopilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.<br>
>Except for clean install scenarios such as traditional bare metal and Windows Autopilot, all the methods described can optionally migrate apps and settings to the new OS.
## Modern deployment methods
Modern deployment methods embrace both traditional on-prem and cloud services to deliver a simple, streamlined, cost effective deployment experience.
### Windows Autopilot
Windows Autopilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows Autopilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device after just a few clicks. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator.
For more information about Windows Autopilot, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) and [Modernizing Windows deployment with Windows Autopilot](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/).
### In-place upgrade
For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like System Center Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
The in-place upgrade process is designed to be extremely reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by leveraging the automatically-created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications do not need to be reinstalled as part of the process.
Because existing applications are preserved through the process, the upgrade process uses the standard Windows installation media image (Install.wim); custom images are not needed and cannot be used because the upgrade process is unable to deal with conflicts between apps in the old and new operating system. (For example, Contoso Timecard 1.0 in Windows 7 and Contoso Timecard 3.0 in the Windows 10 image.)
Scenarios that support in-place upgrade with some additional procedures include changing from BIOS to UEFI boot mode and upgrade of devices that use non-Microsoft disk encryption software.
- **Legacy BIOS to UEFI booting**: To perform an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS, first perform the in-place upgrade to Windows 10, maintaining the legacy BIOS boot mode. Windows 10 does not require UEFI, so it will work fine to upgrade a system using legacy BIOS emulation. After the upgrade, if you wish to enable Windows 10 features that require UEFI (such as Secure Boot), you can convert the system disk to a format that supports UEFI boot using the [MBR2GPT](https://docs.microsoft.com/windows/deployment/mbr-to-gpt) tool. Note: [UEFI specification](http://www.uefi.org/specifications) requires GPT disk layout. After the disk has been converted, you must also configure the firmware to boot in UEFI mode.
- **Non-Microsoft disk encryption software**: While devices encrypted with BitLocker can easily be upgraded, more work is necessary for non-Microsoft disk encryption tools. Some ISVs will provide instructions on how to integrate their software into the in-place upgrade process. Check with your ISV to see if they have instructions. The following articles provide details on how to provision encryption drivers for use during Windows Setup via the ReflectDrivers setting:
- [Windows Setup Automation Overview](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-automation-overview)
- [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options)
There are some situations where you cannot use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include:
- Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process cannot change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers.
- Windows To Go and Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed.
- Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS.
- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken.
## Dynamic provisioning
For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image, because this was often faster and easier than leveraging the preinstalled version. But this is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it is now possible to avoid this.
The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include:
### Windows 10 Subscription Activation<A ID="windows-10-subscription-activation"></A>
Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation).
### Azure Active Directory (AAD) join with automatic mobile device management (MDM) enrollment
In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Azure Active Directory integration with MDM](https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
### Provisioning package configuration
Using the [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkId=619358), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm).
These scenarios can be used to enable “choose your own device” (CYOD) programs where the organizations users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios).
While the initial Windows 10 release includes a variety of provisioning settings and deployment mechanisms, these will continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for additional features through the Windows Feedback app or through their Microsoft Support contacts.
## Traditional deployment:
New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md), and [System Center Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important and will continue to be available to organizations that need them.
The traditional deployment scenario can be divided into different sub-scenarios. These are explained in detail in the following sections, but the following provides a brief summary:
- **New computer.** A bare-metal deployment of a new machine.
- **Computer refresh.** A reinstall of the same machine (with user-state migration and an optional full Windows Imaging (WIM) image backup).
- **Computer replace.** A replacement of the old machine with a new machine (with user-state migration and an optional full WIM image backup).
### New computer
Also called a "bare metal" deployment. This scenario occurs when you have a blank machine you need to deploy, or an existing machine you want to wipe and redeploy without needing to preserve any existing data. The setup starts from a boot media, using CD, USB, ISO, or Pre-Boot Execution Environment (PXE). You can also generate a full offline media that includes all the files needed for a client deployment, allowing you to deploy without having to connect to a central deployment share. The target can be a physical computer, a virtual machine, or a Virtual Hard Disk (VHD) running on a physical computer (boot from VHD).
The deployment process for the new machine scenario is as follows:
1. Start the setup from boot media (CD, USB, ISO, or PXE).
2. Wipe the hard disk clean and create new volume(s).
3. Install the operating system image.
4. Install other applications (as part of the task sequence).
After taking these steps, the computer is ready for use.
### Computer refresh
A refresh is sometimes called wipe-and-load. The process is normally initiated in the running operating system. User data and settings are backed up and restored later as part of the deployment process. The target can be the same as for the new computer scenario.
The deployment process for the wipe-and-load scenario is as follows:
1. Start the setup on a running operating system.
2. Save the user state locally.
3. Wipe the hard disk clean (except for the folder containing the backup).
4. Install the operating system image.
5. Install other applications.
6. Restore the user state.
After taking these steps, the machine is ready for use.
### Computer replace
A computer replace is similar to the refresh scenario. However, since we are replacing the machine, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored.
The deployment process for the replace scenario is as follows:
1. Save the user state (data and settings) on the server through a backup job on the running operating system.
2. Deploy the new computer as a bare-metal deployment.
**Note**<br>In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk.
## Related topics
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Upgrade to Windows 10 with System Center Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Windows setup technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619357)
- [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=619358)
- [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619359)

2
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -1,6 +1,6 @@
---
title: Manage Windows Defender Credential Guard (Windows 10)
description: Deploying and managing Windows Defender Credential Guard using Group Policy, the registry, or the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool.
description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools.
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library

2
windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
View File

@ -1,6 +1,6 @@
---
title: Windows Hello biometrics in the enterprise (Windows 10)
description: Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition.
description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition.
ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc
ms.reviewer:
keywords: Windows Hello, enterprise biometrics

2
windows/security/threat-protection/auditing/audit-file-system.md
View File

@ -1,6 +1,6 @@
---
title: Audit File System (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects.
description: The Advanced Security Audit policy setting, Audit File System, determines if audit events are generated when users attempt to access file system objects.
ms.assetid: 6a71f283-b8e5-41ac-b348-0b7ec6ea0b1f
ms.reviewer:
manager: dansimp

2
windows/security/threat-protection/auditing/audit-handle-manipulation.md
View File

@ -1,6 +1,6 @@
---
title: Audit Handle Manipulation (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed.
description: The Advanced Security Audit policy setting, Audit Handle Manipulation, determines if audit events are generated when a handle to an object is opened or closed.
ms.assetid: 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091
ms.reviewer:
manager: dansimp

2
windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
View File

@ -1,6 +1,6 @@
---
title: Audit IPsec Quick Mode (Windows 10)
description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Quick Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
description: The policy setting, Audit IPsec Quick Mode, decides if audit events are generated for the results of the IKE protocol and AuthIP during Quick Mode negotiations.
ms.assetid: 7be67a15-c2ce-496a-9719-e25ac7699114
ms.reviewer:
manager: dansimp

2
windows/security/threat-protection/auditing/audit-logoff.md
View File

@ -1,6 +1,6 @@
---
title: Audit Logoff (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logoff, which determines whether the operating system generates audit events when logon sessions are terminated.
description: The Advanced Security Audit policy setting, Audit Logoff, determines if audit events are generated when logon sessions are terminated.
ms.assetid: 681e51f2-ba06-46f5-af8c-d9c48d515432
ms.reviewer:
manager: dansimp

2
windows/security/threat-protection/auditing/audit-other-object-access-events.md
View File

@ -1,6 +1,6 @@
---
title: Audit Other Object Access Events (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Object Access Events, which determines whether the operating system generates audit events for the management of Task Scheduler jobs or COM+ objects.
description: The policy setting, Audit Other Object Access Events, determines if audit events are generated for the management of Task Scheduler jobs or COM+ objects.
ms.assetid: b9774595-595d-4199-b0c5-8dbc12b6c8b2
ms.reviewer:
manager: dansimp

2
windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
View File

@ -1,6 +1,6 @@
---
title: Monitor resource attribute definitions (Windows 10)
description: This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.
description: Learn how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.
ms.assetid: aace34b0-123a-4b83-9e09-f269220e79de
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
View File

@ -1,6 +1,6 @@
---
title: Monitor the use of removable storage devices (Windows 10)
description: This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects.
description: Learn how advanced security auditing options can be used to monitor attempts to use removable storage devices to access network resources.
ms.assetid: b0a9e4a5-b7ff-41c6-96ff-0228d4ba5da8
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
View File

@ -1,6 +1,6 @@
---
title: Monitor user and device claims during sign-in (Windows 10)
description: This topic for the IT professional describes how to monitor user and device claims that are associated with a users security token when you are using advanced security auditing options to monitor dynamic access control objects.
description: Learn how to monitor user and device claims that are associated with a users security token. This advice assumes you have deployed Dynamic Access Control.
ms.assetid: 71796ea9-5fe4-4183-8475-805c3c1f319f
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft Cloud App Security integration overview
ms.reviewer:
description: Microsoft Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage
description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) integrates with Cloud App Security by forwarding all cloud app networking activities.
keywords: cloud, app, networking, visibility, usage
search.product: eADQiWindows 10XVcnh
search.appverid: met150

2
windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
View File

@ -1,6 +1,6 @@
---
title: What's in the dashboard and what it means for my organization's security posture
description: What's in the Threat & Vulnerability Management dashboard and how it can help SecOps and Security Administrators arrive at informed decisions to address cybersecurity threat vulnerabilities and build their organization's security resilience.
description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their org's security resilience.
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
search.appverid: met150
search.product: eADQiWindows 10XVcnh

2
windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
View File

@ -1,6 +1,6 @@
---
title: Exposure score
description: Your exposure level reflects how vulnerable your organization is to cybersecurity threats. Apply the Threat & Vulnerability Management security recommendations to keep your exposure level low.
description: The Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) exposure score reflects how vulnerable your organization is to cybersecurity threats.
keywords: exposure score, mdatp exposure score, mdatp tvm exposure score, organization exposure score, tvm organization exposure score
search.product: eADQiWindows 10XVcnh
search.appverid: met150

2
windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
View File

@ -1,6 +1,6 @@
---
title: Allow log on through Remote Desktop Services (Windows 10)
description: Describes the best practices, location, values, policy management, and security considerations for the Allow log on through Remote Desktop Services security policy setting.
description: Best practices, location, values, policy management, and security considerations for the security policy setting, Allow log on through Remote Desktop Services.
ms.assetid: 6267c376-8199-4f2b-ae56-9c5424e76798
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
View File

@ -1,6 +1,6 @@
---
title: Domain member Digitally encrypt or sign secure channel data (always) (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Domain member Digitally encrypt or sign secure channel data (always) security policy setting.
description: Best practices, location, values, and security considerations for the policy setting, Domain member Digitally encrypt or sign secure channel data (always).
ms.assetid: 4480c7cb-adca-4f29-b4b8-06eb68d272bf
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
View File

@ -1,6 +1,6 @@
---
title: Domain member Digitally encrypt secure channel data (when possible) (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Domain member Digitally encrypt secure channel data (when possible) security policy setting.
description: Best practices, security considerations, and more for the security policy setting, Domain member Digitally encrypt secure channel data (when possible).
ms.assetid: 73e6023e-0af3-4531-8238-82f0f0e4965b
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
View File

@ -1,6 +1,6 @@
---
title: Interactive logon Message title for users attempting to log on (Windows 10)
description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Message title for users attempting to log on security policy setting.
description: Best practices, security considerations, and more for the security policy setting, Interactive logon Message title for users attempting to log on.
ms.assetid: f2596470-4cc0-4ef1-849c-bef9dc3533c6
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
View File

@ -1,6 +1,6 @@
---
title: Interactive logon Smart card removal behavior (Windows 10)
description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Smart card removal behavior security policy setting.
description: Best practices, location, values, policy management and security considerations for the security policy setting, Interactive logon Smart card removal behavior.
ms.assetid: 61487820-9d49-4979-b15d-c7e735999460
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
View File

@ -1,6 +1,6 @@
---
title: Microsoft network server Server SPN target name validation level (Windows 10)
description: Describes the best practices, location, and values, policy management and security considerations for the Microsoft network server Server SPN target name validation level security policy setting.
description: Best practices, security considerations, and more for the security policy setting, Microsoft network server Server SPN target name validation level.
ms.assetid: 18337f78-eb45-42fd-bdbd-f8cd02c3e154
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
View File

@ -1,6 +1,6 @@
---
title: Network security Restrict NTLM Audit NTLM authentication in this domain (Windows 10)
description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Audit NTLM authentication in this domain security policy setting.
description: Best practices, security considerations, and more for the security policy setting, Network Security Restrict NTLM Audit NTLM authentication in this domain.
ms.assetid: 33183ef9-53b5-4258-8605-73dc46335e6e
ms.reviewer:
ms.author: dansimp

2
windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
View File

@ -1,6 +1,6 @@
---
title: Recovery console Allow automatic administrative logon (Windows 10)
description: Describes the best practices, location, values, policy management and security considerations for the Recovery console Allow automatic administrative logon security policy setting.
description: Best practices, location, values, policy management and security considerations for the policy setting, Recovery console Allow automatic administrative logon.
ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596
ms.reviewer:
ms.author: dansimp