deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-30 14:17:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 5758: 2/7 AM Publish

Browse Source
This commit is contained in:
Alma Jenks 2018-02-07 18:37:52 +00:00
commit 62c604c6e8
3 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
windows/device-security/bitlocker/bitlocker-recovery-guide-plan.md
View File

@ -100,15 +100,16 @@ Before you create a thorough BitLocker recovery process, we recommend that you t
1. Click the **Start** button, type **cmd** in the **Start Search** box, right-click **cmd.exe**, and then click **Run as administrator**. 1. Click the **Start** button, type **cmd** in the **Start Search** box, right-click **cmd.exe**, and then click **Run as administrator**.
2. At the command prompt, type the following command and then press ENTER: 2. At the command prompt, type the following command and then press ENTER:
`manage-bde -forcerecovery <Volume>` `manage-bde -forcerecovery <BitLockerVolume>`
**To force recovery for a remote computer** **To force recovery for a remote computer**
1. On the Start screen, type **cmd.exe**, and then click **Run as administrator**. 1. On the Start screen, type **cmd.exe**, and then click **Run as administrator**.
2. At the command prompt, type the following command and then press ENTER: 2. At the command prompt, type the following command and then press ENTER:
`manage-bde. -ComputerName <ComputerName> -forcerecovery <Volume>` `manage-bde. -ComputerName <RemoteComputerName> -forcerecovery <BitLockerVolume>`
> **Note:**  *ComputerName* represents the name of the remote computer. *Volume* represents the volume on the remote computer that is protected with BitLocker. > **Note:**  Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user.
   
## <a href="" id="bkmk-planningrecovery"></a>Planning your recovery process ## <a href="" id="bkmk-planningrecovery"></a>Planning your recovery process

BIN
windows/device-security/device-guard/images/wdac-edit-gp.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

8
windows/device-security/device-guard/steps-to-deploy-windows-defender-application-control.md
View File

@ -1056,7 +1056,7 @@ To deploy and manage a WDAC policy with Group Policy:
1. On a domain controller on a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** or searching for “Group Policy Management” in Windows Search. 1. On a domain controller on a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** or searching for “Group Policy Management” in Windows Search.
2. Create a new GPO: right-click an OU, for example, the **DG Enabled PCs OU**, and then click **Create a GPO in this domain, and Link it here**, as shown in Figure 3. 2. Create a new GPO: right-click an OU and then click **Create a GPO in this domain, and Link it here**, as shown in Figure 3.
> **Note**&nbsp;&nbsp;You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Planning and getting started on the Windows Defender Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md). > **Note**&nbsp;&nbsp;You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Planning and getting started on the Windows Defender Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
@ -1064,15 +1064,15 @@ To deploy and manage a WDAC policy with Group Policy:
Figure 3. Create a GPO Figure 3. Create a GPO
3. Name new GPO **Contoso GPO Test**. This example uses Contoso GPO Test as the name of the GPO. You can choose any name that you prefer for this example. 3. Name new GPO. You can choose any name.
4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. 4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**.
5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Windows Defender Device Guard. Right-click **Deploy Windows Defender Application Control** and then click **Edit**. 5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Windows Defender Device Guard. Right-click **Deploy Windows Defender Application Control** and then click **Edit**.
![Edit the group policy for Windows Defender Application Control](images/dg-fig25-editcode.png) ![Edit the Group Policy for Windows Defender Application Control](images/wdac-edit-gp.png)
Figure 4. Edit the group policy for Windows Defender Application Control Figure 4. Edit the Group Policy for Windows Defender Application Control
6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the code integrity policy deployment path. 6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the code integrity policy deployment path.