deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs3' into jd3csp

Browse Source
This commit is contained in:
jdeckerMS 2017-09-20 12:02:28 -07:00
commit 62007ca26b
14 changed files with 137 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/client-management/mdm/TOC.md
View File

@ -202,6 +202,7 @@
#### [Experience](policy-csp-experience.md) #### [Experience](policy-csp-experience.md)
#### [ExploitGuard](policy-csp-exploitguard.md) #### [ExploitGuard](policy-csp-exploitguard.md)
#### [Games](policy-csp-games.md) #### [Games](policy-csp-games.md)
#### [Handwriting](policy-csp-handwriting.md)
#### [InternetExplorer](policy-csp-internetexplorer.md) #### [InternetExplorer](policy-csp-internetexplorer.md)
#### [Kerberos](policy-csp-kerberos.md) #### [Kerberos](policy-csp-kerberos.md)
#### [Licensing](policy-csp-licensing.md) #### [Licensing](policy-csp-licensing.md)

BIN
windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 106 KiB

BIN
windows/client-management/mdm/images/provisioning-csp-vpnv2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 107 KiB

10
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 08/31/2017 ms.date: 09/12/2017
--- ---
# What's new in MDM enrollment and management # What's new in MDM enrollment and management
@ -956,7 +956,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</tr> </tr>
<tr class="even"> <tr class="even">
<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td> <td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p> <td style="vertical-align:top"><p>Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.</p>
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td> <td style="vertical-align:top">[DeviceStatus CSP](devicestatus-csp.md)</td>
@ -1015,6 +1015,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>DeviceGuard/LsaCfgFlags</li> <li>DeviceGuard/LsaCfgFlags</li>
<li>ExploitGuard/ExploitProtectionSettings</li> <li>ExploitGuard/ExploitProtectionSettings</li>
<li>Games/AllowAdvancedGamingServices</li> <li>Games/AllowAdvancedGamingServices</li>
<li>Handwriting/PanelDefaultModeDocked</li>
<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li> <li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li> <li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li> <li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
@ -1371,6 +1372,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
<ul> <ul>
<li>Authentication/AllowAadPasswordReset</li> <li>Authentication/AllowAadPasswordReset</li>
<li>Handwriting/PanelDefaultModeDocked</li>
<li>Search/AllowCloudSearch</li> <li>Search/AllowCloudSearch</li>
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li> <li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
</ul> </ul>
@ -1390,6 +1392,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</ul> </ul>
<p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p> <p>For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.</p>
</td></tr> </td></tr>
<tr class="odd">
<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
<td style="vertical-align:top"><p>Added RegisterDNS setting in Windows 10, version 1709.</p>
</td></tr>
</tbody> </tbody>
</table> </table>

8
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -1027,6 +1027,14 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd> </dd>
</dl> </dl>
### Handwriting policies
<dl>
<dd>
<a href="./policy-csp-handwriting.md#handwriting-paneldefaultmodedocked" id="handwriting-paneldefaultmodedocked">Handwriting/PanelDefaultModeDocked</a>
</dd>
</dl>
### InternetExplorer policies ### InternetExplorer policies
<dl> <dl>

72
windows/client-management/mdm/policy-csp-handwriting.md Normal file
View File

@ -0,0 +1,72 @@
---
title: Policy CSP - Handwriting
description: Policy CSP - Handwriting
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 09/07/2017
---
# Policy CSP - Handwriting
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<!--StartPolicies-->
<hr/>
## Handwriting policies
<!--StartPolicy-->
<a href="" id="handwriting-paneldefaultmodedocked"></a>**Handwriting/PanelDefaultModeDocked**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3<sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel.
<p style="margin-left: 20px">The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen.
<p style="margin-left: 20px">In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction.
<p style="margin-left: 20px">The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way.
<ul>
<li>0 - Disabled (default)</li>
<li>1 - Enabled</li>
</ul>
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
Footnote:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->

12
windows/client-management/mdm/vpnv2-csp.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 07/07/2017 ms.date: 09/18/2017
--- ---
# VPNv2 CSP # VPNv2 CSP
@ -35,7 +35,7 @@ The XSDs for all EAP methods are shipped in the box and can be found at the foll
The following diagram shows the VPNv2 configuration service provider in tree format. The following diagram shows the VPNv2 configuration service provider in tree format.
![vpnv2 csp diagram](images/provisioning-csp-vpnv2-rs1.png) ![vpnv2 csp diagram](images/provisioning-csp-vpnv2.png)
<a href="" id="device-or-user-profile"></a>**Device or User profile** <a href="" id="device-or-user-profile"></a>**Device or User profile**
For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path. For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path.
@ -303,6 +303,14 @@ A device tunnel profile must be deleted before another device tunnel profile can
Value type is bool. Supported operations include Get, Add, Replace, and Delete. Value type is bool. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-registerdns"></a>**VPNv2/***ProfileName***/RegisterDNS**
Allows registration of the connection's address in DNS.
Valid values:
- False = Do not register the connection's address in DNS (default).
- True = Register the connection's addresses in DNS.
<a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/***ProfileName***/DnsSuffix** <a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/***ProfileName***/DnsSuffix**
Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.

29
windows/client-management/mdm/vpnv2-ddf-file.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 07/07/2017 ms.date: 09/18/2017
--- ---
# VPNv2 DDF file # VPNv2 DDF file
@ -992,6 +992,33 @@ The XML below is for Windows 10, version 1709.
</DFType> </DFType>
</DFProperties> </DFProperties>
</Node> </Node>
<Node>
<NodeName>RegisterDNS</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>
False = Do not register the connection's address in DNS (default).
True = Register the connection's addresses in DNS.
</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node> <Node>
<NodeName>DnsSuffix</NodeName> <NodeName>DnsSuffix</NodeName>
<DFProperties> <DFProperties>

2
windows/configuration/manage-tips-and-suggestions.md
View File

@ -44,7 +44,7 @@ Windows 10, version 1607 (also known as the Anniversary Update), provides organi
| Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) | | Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) |
| Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) | | Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) |
[Learn more about policy settings for Windows Spotlight.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)
## Related topics ## Related topics

3
windows/configuration/start-layout-xml-desktop.md
View File

@ -32,8 +32,7 @@ On Windows 10 for desktop editions, the customized Start works by:
>[!NOTE] >[!NOTE]
>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx). >Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx).
>[!NOTE]
>Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/library/jj649079.aspx).
## LayoutModification XML ## LayoutModification XML

2
windows/deployment/deploy-whats-new.md
View File

@ -79,7 +79,7 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
### Microsoft Deployment Toolkit (MDT) ### Microsoft Deployment Toolkit (MDT)
MDT build 884 is available, including support for: MDT build 8443 is available, including support for:
- Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016. - Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016.
- The Windows ADK for Windows 10, version 1607. - The Windows ADK for Windows 10, version 1607.
- Integration with Configuration Manager version 1606. - Integration with Configuration Manager version 1606.

4
windows/deployment/usmt/usmt-common-issues.md
View File

@ -229,7 +229,7 @@ There are three typical causes for this issue.
**Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured. **Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured.
**Cause:** A code change in the Start Menu with Windows 10 version 1607 is incompatible with this USMT function. **Cause:** A code change in the Start Menu with Windows 10 version 1607 and later is incompatible with this USMT function.
**Resolution:** The following workaround is available: **Resolution:** The following workaround is available:
@ -245,6 +245,8 @@ There are three typical causes for this issue.
Import-StartLayout LayoutPath "C:\Layout\user1.xml" MountPath %systemdrive% Import-StartLayout LayoutPath "C:\Layout\user1.xml" MountPath %systemdrive%
``` ```
This workaround changes the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout.
## <a href="" id="bkmk-offline"></a>Offline Migration Problems ## <a href="" id="bkmk-offline"></a>Offline Migration Problems

3
windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
View File

@ -33,6 +33,9 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might
You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries.
>[!WARNING]
> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding.
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): 1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Click **Endpoint management** > **Clients** on the **Navigation pane**. a. Click **Endpoint management** > **Clients** on the **Navigation pane**.