Merge branch 'master' of https://github.com/microsoftdocs/windows-itpro-docs

2025-06-15 02:13:43 +00:00 · 2019-04-08 06:58:26 -07:00
parent e6188de45f f2a566edc1
commit 5fba244cb2
14 changed files with 68 additions and 28 deletions
--- a/windows/application-management/remove-provisioned-apps-during-update.md
+++ b/windows/application-management/remove-provisioned-apps-during-update.md
@ -17,17 +17,20 @@ When you update a computer running Windows 10, version 1703 or 1709, you might s
 >[!NOTE]
 >* This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates.
 >* This only applies to first-party apps that shipped with Windows 10. This doesn't apply to third-party apps, Microsoft Store apps, or LOB apps.
+>* This issue can occur whether you removed the app using `Remove-appxprovisionedpackage` or `Get-AppxPackage -allusers | Remove-AppxPackage -Allusers`.

-To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you removed the packages in one of the following ways:
+To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you [removed the packages](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage) in one of the following ways:

 * If you removed the packages while the wim file was mounted when the device was offline.
 * If you removed the packages by running a PowerShell cmdlet on the device while Windows was online. Although the apps won't appear for new users, you'll still see the apps for the user account you signed in as.

-When you remove a provisioned app, we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.)
+When you [remove a provisioned app](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage), we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.)
+

 >[!NOTE]
 >If you remove a provisioned app while Windows is online, it's only removed for *new users*—the user that you signed in as will still have that provisioned app. That's because the registry key created when you deprovision the app only applies to new users created *after* the key is created. This doesn't happen if you remove the provisioned app while Windows is offline.

+
 To prevent these apps from reappearing at the next update, manually create a registry key for each app, then update the computer.

 ## Create registry keys for deprovisioned apps
@ -38,7 +41,7 @@ Use the following steps to create a registry key:
 2. Create a .reg file to generate a registry key for each app. Use [this list of Windows 10, version 1709 registry keys](#registry-keys-for-provisioned-apps) as your starting point.
    1. Paste the list of registry keys into Notepad (or a text editor).
    2. Remove the registry keys belonging to the apps you want to keep. For example, if you want to keep the Bing Weather app, delete this registry key:
-       ```
+       ```yaml
       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\A ppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe]
       ```
    3. Save the file with a .txt extension, then right-click the file and change the extension to .reg.
@ -158,3 +161,9 @@ Windows Registry Editor Version 5.00

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]
 ```
+
+
+
+[Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
+[Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage)
+[Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage)
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@ -666,6 +666,13 @@ The following list shows the supported values:
 Enabling this policy prevents context menus from being invoked in the Start Menu.

 <!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – False (Do not disable).
+-   1 - True (disable).
+
+<!--/SupportedValues-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Disable context menus in the Start Menu*
@ -1091,6 +1098,13 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon
 Value type is integer.

 <!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<!--/SupportedValues-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Remove the People Bar from the taskbar*
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@ -288,7 +288,7 @@ When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t bee

 If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.

-If you enable this policy setting, you must provide the number of days since a cloud-backed file has been opened before Storage Sense will dehydrate it. Supported values are: 0–365.
+If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it. Supported values are: 0–365.

 If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content.

@ -357,7 +357,7 @@ When Storage Sense runs, it can delete files in the user’s Downloads folder if

 If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect.

-If you enable this policy setting, you must provide the number of days since a file in the Downloads folder has been opened before Storage Sense will delete it. Supported values are: 0–365.
+If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are: 0-365.

 If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder.

--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@ -151,7 +151,7 @@ If set to True, this DomainName rule will trigger the VPN

 By default, this value is false.

-Value type is bool. Persistent
+Value type is bool.

 <a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-persistent"></a>**VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/Persistent**  
 Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values:
@ -624,10 +624,10 @@ Profile example
    </Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
  </NativeProfile>
-  <DomainNameInformation>
+  <DomainNameInformationList>
    <DomainName>.contoso.com</DomainName>
    <DNSServers>10.5.5.5</DNSServers>
-  </DomainNameInformation>
+  </DomainNameInformationList>
 <TrafficFilter>  
    <App>%ProgramFiles%\Internet Explorer\iexplore.exe</App> 
  </TrafficFilter> 
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@ -488,7 +488,7 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee
  
 ## <a href="" id="sec08"></a>Step 8: Deploy the Windows 10 client image

-These steps will walk you throug the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process.
+These steps will walk you through the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process.

 ### Configure Windows Deployment Services

--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md
@ -109,7 +109,7 @@ To find out which version of Windows 10 is right for your organization, you can

 ### How will people in my organization adjust to using Windows 10 Enterprise after upgrading from Windows 7 or Windows 8.1?

-Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1. To help you make the transition a seamless one, download the [Windows 10 for Business Onboarding Kit](https://blogs.technet.microsoft.com/windowsitpro/2016/06/28/windows-10-for-business-onboarding-kit/) and see our [end user readiness](https://technet.microsoft.com/windows/dn621092) resources.
+Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1. To help you make the transition a seamless one, download the [Windows 10 Adoption Planning Kit](https://info.microsoft.com/Windows10AdoptionPlanningKit) and see our [end user readiness](https://technet.microsoft.com/windows/dn621092) resources.

 ### How does Windows 10 help people work with applications and data across a variety of devices?

@ -127,4 +127,4 @@ Use the following resources for additional information about Windows 10.
 - If you are an IT professional or if you have a question about administering, managing, or deploying Windows 10 in your organization or business, visit the [Windows 10 IT Professional forums](https://social.technet.microsoft.com/forums/home?category=windows10itpro) on TechNet.
 - If you are an end user or if you have a question about using Windows 10, visit the [Windows 10 forums on Microsoft Community](https://answers.microsoft.com/windows/forum/windows_10).
 - If you are a developer or if you have a question about making apps for Windows 10, visit the [Windows Desktop Development forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsdesktopdev) or [Windows and Windows phone apps forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsapps) on MSDN.
- If you have a question about Internet Explorer, visit the [Internet Explorer forums](https://social.technet.microsoft.com/forums/ie/en-us/home) on TechNet.
+- If you have a question about Internet Explorer, visit the [Internet Explorer forums](https://social.technet.microsoft.com/forums/ie/en-us/home) on TechNet.
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@ -25,6 +25,7 @@ Everyone wins when transparency is a top priority. We want you to know when upda

 The latest news:
 <ul compact style="list-style: none"> 
+<li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540">Windows 10, version 1809 designated for broad deployment</a> - March 28, 2019</li>
 <li><a href="https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience">Data, insights and listening to improve the customer experience</a> - March 6, 2019</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Getting-to-know-the-Windows-update-history-pages/ba-p/355079">Getting to know the Windows update history pages</a> - February 21, 2019</li>
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@ -55,7 +55,7 @@ Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.</td>

 ## Log entry structure

-A setupact.log or setuperr.log entry includes the following elements:
+A setupact.log or setuperr.log (files are located at C:\Windows) entry includes the following elements:

 <ol>
 <LI><B>The date and time</B> - 2016-09-08 09:20:05.
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@ -20,7 +20,7 @@ ms.topic: article

 Modern desktop management with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away.

-This topic describes how to convert Windows 7 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot.
+This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot.

 ## Prerequisites

@ -278,7 +278,7 @@ Next, ensure that all content required for the task sequence is deployed to dist

 ### Complete the client installation process

-1. Open the Software Center on the target Windows 7 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:
+1. Open the Software Center on the target Windows 7 or Windows 8.1 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt:

    ```
    C:\Windows\CCM\SCClient.exe
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@ -22,16 +22,26 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur

 - Windows 10 version 1703 (semi-annual channel) or higher is required. 
 - The following editions are supported:
-    -   Pro
-    -   Pro Education
-    -   Pro for Workstations
-    -   Enterprise
-    -   Education
+    -   Windows 10 Pro
+    -   Windows 10 Pro Education
+    -   Windows 10 Pro for Workstations
+    -   Windows 10 Enterprise
+    -   Windows 10 Education
+    -   Windows 10 Enterprise 2019 LTSC
+    
+ - If you're using Autopilot for Surface devices, note that only the following Surface devices support Autopilot:
+    - Surface Go
+    - Surface Go with LTE Advanced
+    - Surface Pro (5th gen) 
+    - Surface Pro with LTE Advanced (5th gen) 
+    - Surface Pro 6
+    - Surface Laptop (1st gen)
+    - Surface Laptop 2
+    - Surface Studio (1st gen)
+    - Surface Studio 2
+    - Surface Book 2

- Windows 10 Enterprise 2019 LTSC is also supported.
-
-See the following topics for details on licensing, network, and configuration requirements:
- [Licensing requirements](windows-autopilot-requirements-licensing.md)
+See the following topics for details on network and configuration requirements:
 - [Networking requirements](windows-autopilot-requirements-network.md)
 - [Configuration requirements](windows-autopilot-requirements-configuration.md)
    - For details about specific configuration requirements to enable user-driven Hybrid Azure Active Directory join for Windows Autopilot, see [Intune Connector (preview) language requirements](intune-connector.md). This requirement is a temporary workaround, and will be removed in the next release of Intune Connector. 
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@ -175,7 +175,12 @@ This rule blocks the following file types from launching unless they either meet
 >[!NOTE]
 >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule.

-Intune name: Executables that don't meet a prevalence, age, or trusted list criteria
+>[!IMPORTANT] 
+>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly.
+>
+>You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.
+
+Intune name: Executables that don't meet a prevalence, age, or trusted list criteria.

 SCCM name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria

--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@ -37,7 +37,7 @@ You can exclude files and folders from being evaluated by most attack surface re
 You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to.

 >[!IMPORTANT] 
->The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25, it's owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.
+>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. 

 ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). 

@ -179,3 +179,4 @@ Value: c:\path|e:\path|c:\Whitelisted.exe

 - [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md)
 - [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md)
+- [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus)